diff --git a/docs/wiki/Contribution guide - Generate module readme.md b/docs/wiki/Contribution guide - Generate module readme.md index 0a03ffc600..346dea5fc5 100644 --- a/docs/wiki/Contribution guide - Generate module readme.md +++ b/docs/wiki/Contribution guide - Generate module readme.md @@ -1,6 +1,13 @@ As per the module design structure, every module in the CARML library requires a ReadMe markdown file documenting the set of deployable resource types, input and output parameters and a set of relevant template references from the official Azure Resource Reference documentation. -The ReadMe generator utility aims to simplify contributing to the CARML library, as it supports creating the module ReadMe markdown file from scratch or updating it. +The `Set-Module` utility aims to simplify contributing to the AVM library, as it supports +- idempotently generating the AVM folder structure for a module (including any child resource) +- generating the module's ReadMe file from scratch or updating it +- compiling/building the module template + +To ease maintenance, you can run the utility with a `Recurse` flag from the root of your folder to update all files automatically. + +> **Note:** If you want to add any non-generated content to the Readme you can do so by adding it to a `## Notes` section at the bottom of the corresponding readme. --- 
@@ -13,14 +20,18 @@ The ReadMe generator utility aims to simplify contributing to the CARML library, --- # Location -You can find the script under [`/utilities/tools/Set-ModuleReadMe.ps1`](https://github.com/Azure/ResourceModules/blob/main/utilities/tools/Set-ModuleReadMe.ps1) +You can find the script under [`/utilities/tools/Set-Module.ps1`](https://github.com/Azure/ResourceModules/blob/main/utilities/tools/Set-Module.ps1) # How it works -1. Using the provided template path, the script first converts it to ARM/JSON if necessary (i.e., if a path to a Bicep file was provided) -1. If the intended readMe file does not yet exist in the expected path, it is generated with a skeleton (with e.g., a generated header name) -1. The script then goes through all sections defined as `SectionsToRefresh` (by default all) and refreshes the sections' content (for example, for the `Parameters`) based on the values in the ARM/JSON Template. It detects sections by their header and always regenerates the full section. -1. Once all are refreshed, the current ReadMe file is overwritten. **Note:** The script can be invoked combining the `WhatIf` and `Verbose` switches to just receive an console-output of the updated content. +Using the provided template path, the script +1. validates the module's folder structure + - To do so, it searches for any required folder path / file missing and adds them. For several files, it will also provide some default content to get you started. The sources files for this action can be found [here](https://github.com/Azure/ResourceModules/tree/main/utilities/tools/helper/src) +1. compiles its bicep template +1. updates the readme (recursively, specified) + 1. If the intended ReadMe file does not yet exist in the expected path, it is generated with a skeleton (with e.g., a generated header name) + 1. 
The script then goes through all sections defined as `SectionsToRefresh` (by default all) and refreshes the sections' content (for example, for the `Parameters`) based on the values in the ARM/JSON Template. It detects sections by their header and always regenerates the full section. + 1. Once all sections are refreshed, the current ReadMe file is overwritten. **Note:** The script can be invoked combining the `WhatIf` and `Verbose` switches to just receive an console-output of the updated content. # How to use it diff --git a/docs/wiki/Interoperability - Bicep to ARM conversion.md b/docs/wiki/Interoperability - Bicep to ARM conversion.md index e19fd5116b..6c8690b8ee 100644 --- a/docs/wiki/Interoperability - Bicep to ARM conversion.md +++ b/docs/wiki/Interoperability - Bicep to ARM conversion.md @@ -5,7 +5,7 @@ However, for users who still prefer using ARM templates over Bicep, the CARML li This page documents the conversion utility and how to use it. -> **NOTE:** As Bicep & ARM template files work slightly different (e.g., references as specified differently), the ReadMe we generate out of them using the [`/utilities/tools/Set-ModuleReadMe.ps1`](https://github.com/Azure/ResourceModules/blob/main/utilities/tools/Set-ModuleReadMe.ps1) utility may look differently. To this end, make sure to regenerate all ReadMEs after you converted the repository from Bicep to ARM. If you don't, the Pester tests in the pipeline may fail when reviewing the ReadMEs. +> **NOTE:** As Bicep & ARM template files work slightly different (e.g., references as specified differently), the ReadMe we generate out of them using the [`/utilities/tools/Set-Module.ps1`](https://github.com/Azure/ResourceModules/blob/main/utilities/tools/Set-Module.ps1) utility may look differently. To this end, make sure to regenerate all ReadMEs after you converted the repository from Bicep to ARM. If you don't, the Pester tests in the pipeline may fail when reviewing the ReadMEs. --- 
diff --git a/docs/wiki/The CI environment - Static validation.md b/docs/wiki/The CI environment - Static validation.md index 6a89edeb5d..483660f8c2 100644 --- a/docs/wiki/The CI environment - Static validation.md +++ b/docs/wiki/The CI environment - Static validation.md @@ -35,15 +35,6 @@ The following activities are performed by the [`utilities/pipelines/staticValida - **Module tests** - **Readme content tests** 1. `README.md` file should not be empty. - 1. `README.md` file should contain these sections in order: Navigation, Resource Types, Parameters, Outputs, Cross-referenced modules, Deployment examples. - 1. Resources section should contain all resources from the template file. - 1. Resources section should not contain more resources than the template file. - 1. Parameters section should contain a table for each existing parameter category in the following order: Required, Conditional, Optional, Generated. - 1. Parameter tables should provide columns in the following order: Parameter Name, Type, Default Value, Allowed Values, Description. Each column should be present unless empty for all the rows. - 1. Parameters section should contain all parameters from the template file. - 1. Outputs section should contain a table with these column names in order: Output Name, Type. - 1. Output section should contain all outputs defined in the template file. - 1. Dependencies section should contain all cross-references defined in the template file. 1. `Set-ModuleReadMe` script should not apply any updates. - **Compiled ARM template tests** 1. Compiled ARM template should be latest. diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 9cbb357cc0..09691d5115 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md 
@@ -88,7 +88,7 @@ Microsoft.Sql └─ databases [child-module/resource] ``` -In this folder, we recommend to place the child resource-template alongside a ReadMe (that can be generated via the [Set-ModuleReadMe](./Contribution%20guide%20-%20Generate%20module%20Readme) script) and optionally further nest additional folders for it's child resources. +In this folder, we recommend to place the child resource-template alongside a ReadMe (that can be generated via the [Set-Module](./Contribution%20guide%20-%20Generate%20module%20Readme) script) and optionally further nest additional folders for it's child resources. The parent template should reference all it's direct child-templates to allow for an end-to-end deployment experience while allowing any user to also reference 'just' the child resource itself. In case of the SQL server example, the server template would reference the database module and encapsulate it in a loop to allow for the deployment of multiple databases. For example diff --git a/modules/aad/domain-service/.test/common/main.test.bicep b/modules/aad/domain-service/.test/common/main.test.bicep index 45310e5723..6df70643ed 100644 --- a/modules/aad/domain-service/.test/common/main.test.bicep +++ b/modules/aad/domain-service/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/aad/domain-service/README.md b/modules/aad/domain-service/README.md index fca50dcd19..89ea3e1a49 100644 --- a/modules/aad/domain-service/README.md +++ b/modules/aad/domain-service/README.md 
@@ -4,14 +4,14 @@ This module deploys an Azure Active Directory Domain Services (AADDS). ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,81 +20,27 @@ This module deploys an Azure Active Directory Domain Services (AADDS). | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `domainName` | string | The domain name specific to the Azure ADDS service. | - -**Conditional parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `pfxCertificate` | securestring | `''` | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. | -| `pfxCertificatePassword` | securestring | `''` | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalRecipients` | array | `[]` | | The email recipient value to receive alerts. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', AccountLogon, AccountManagement, allLogs, DetailTracking, DirectoryServiceAccess, LogonLogoff, ObjectAccess, PolicyChange, PrivilegeUse, SystemSecurity]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `domainConfigurationType` | string | `'FullySynced'` | `[FullySynced, ResourceTrusting]` | The value is to provide domain configuration type. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `externalAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable the Secure LDAP for external services of Azure ADDS Services. | -| `filteredSync` | string | `'Enabled'` | | The value is to synchronize scoped users and groups. | -| `kerberosArmoring` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable to provide a protected channel between the Kerberos client and the KDC. | -| `kerberosRc4Encryption` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable Kerberos requests that use RC4 encryption. | -| `ldaps` | string | `'Enabled'` | `[Disabled, Enabled]` | A flag to determine whether or not Secure LDAP is enabled or disabled. | -| `location` | string | `[resourceGroup().location]` | | The location to deploy the Azure ADDS Services. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `name` | string | `[parameters('domainName')]` | | The name of the AADDS resource. 
Defaults to the domain name specific to the Azure ADDS service. | -| `notifyDcAdmins` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to notify the DC Admins. | -| `notifyGlobalAdmins` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to notify the Global Admins. | -| `ntlmV1` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable clients making request using NTLM v1. | -| `replicaSets` | array | `[]` | | Additional replica set for the managed domain. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Standard'` | `[Enterprise, Premium, Standard]` | The name of the SKU specific to Azure ADDS Services. | -| `syncNtlmPasswords` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable synchronized users to use NTLM authentication. | -| `syncOnPremPasswords` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable on-premises users to authenticate against managed domain. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `tlsV1` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable clients making request using TLSv1. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The domain name of the Azure Active Directory Domain Services(Azure ADDS). | -| `resourceGroupName` | string | The name of the resource group the Azure Active Directory Domain Services(Azure ADDS) was created in. 
| -| `resourceId` | string | The resource ID of the Azure Active Directory Domain Services(Azure ADDS). | - -## Cross-referenced modules - -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/aad.domain-service:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module domainService './aad/domain-service/main.bicep' = { +module domainService 'br:bicep/modules/aad.domain-service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-aaddscom' params: { // Required parameters @@ -203,6 +149,282 @@ module domainService './aad/domain-service/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`domainName`](#parameter-domainname) | string | The domain name specific to the Azure ADDS service. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`pfxCertificate`](#parameter-pfxcertificate) | securestring | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. | +| [`pfxCertificatePassword`](#parameter-pfxcertificatepassword) | securestring | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalRecipients`](#parameter-additionalrecipients) | array | The email recipient value to receive alerts. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. 
| +| [`domainConfigurationType`](#parameter-domainconfigurationtype) | string | The value is to provide domain configuration type. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`externalAccess`](#parameter-externalaccess) | string | The value is to enable the Secure LDAP for external services of Azure ADDS Services. | +| [`filteredSync`](#parameter-filteredsync) | string | The value is to synchronize scoped users and groups. | +| [`kerberosArmoring`](#parameter-kerberosarmoring) | string | The value is to enable to provide a protected channel between the Kerberos client and the KDC. | +| [`kerberosRc4Encryption`](#parameter-kerberosrc4encryption) | string | The value is to enable Kerberos requests that use RC4 encryption. | +| [`ldaps`](#parameter-ldaps) | string | A flag to determine whether or not Secure LDAP is enabled or disabled. | +| [`location`](#parameter-location) | string | The location to deploy the Azure ADDS Services. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`name`](#parameter-name) | string | The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service. | +| [`notifyDcAdmins`](#parameter-notifydcadmins) | string | The value is to notify the DC Admins. | +| [`notifyGlobalAdmins`](#parameter-notifyglobaladmins) | string | The value is to notify the Global Admins. | +| [`ntlmV1`](#parameter-ntlmv1) | string | The value is to enable clients making request using NTLM v1. | +| [`replicaSets`](#parameter-replicasets) | array | Additional replica set for the managed domain. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | The name of the SKU specific to Azure ADDS Services. | +| [`syncNtlmPasswords`](#parameter-syncntlmpasswords) | string | The value is to enable synchronized users to use NTLM authentication. | +| [`syncOnPremPasswords`](#parameter-synconprempasswords) | string | The value is to enable on-premises users to authenticate against managed domain. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`tlsV1`](#parameter-tlsv1) | string | The value is to enable clients making request using TLSv1. | + +### Parameter: `additionalRecipients` + +The email recipient value to receive alerts. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', AccountLogon, AccountManagement, allLogs, DetailTracking, DirectoryServiceAccess, LogonLogoff, ObjectAccess, PolicyChange, PrivilegeUse, SystemSecurity]` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `domainConfigurationType` + +The value is to provide domain configuration type. +- Required: No +- Type: string +- Default: `'FullySynced'` +- Allowed: `[FullySynced, ResourceTrusting]` + +### Parameter: `domainName` + +The domain name specific to the Azure ADDS service. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `externalAccess` + +The value is to enable the Secure LDAP for external services of Azure ADDS Services. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `filteredSync` + +The value is to synchronize scoped users and groups. +- Required: No +- Type: string +- Default: `'Enabled'` + +### Parameter: `kerberosArmoring` + +The value is to enable to provide a protected channel between the Kerberos client and the KDC. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `kerberosRc4Encryption` + +The value is to enable Kerberos requests that use RC4 encryption. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `ldaps` + +A flag to determine whether or not Secure LDAP is enabled or disabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `location` + +The location to deploy the Azure ADDS Services. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service. +- Required: No +- Type: string +- Default: `[parameters('domainName')]` + +### Parameter: `notifyDcAdmins` + +The value is to notify the DC Admins. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `notifyGlobalAdmins` + +The value is to notify the Global Admins. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `ntlmV1` + +The value is to enable clients making request using NTLM v1. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `pfxCertificate` + +The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `pfxCertificatePassword` + +The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `replicaSets` + +Additional replica set for the managed domain. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The name of the SKU specific to Azure ADDS Services. 
+- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Enterprise, Premium, Standard]` + +### Parameter: `syncNtlmPasswords` + +The value is to enable synchronized users to use NTLM authentication. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `syncOnPremPasswords` + +The value is to enable on-premises users to authenticate against managed domain. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tlsV1` + +The value is to enable clients making request using TLSv1. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The domain name of the Azure Active Directory Domain Services(Azure ADDS). | +| `resourceGroupName` | string | The name of the resource group the Azure Active Directory Domain Services(Azure ADDS) was created in. | +| `resourceId` | string | The resource ID of the Azure Active Directory Domain Services(Azure ADDS). | + +## Cross-referenced modules + +_None_ + ## Notes ### Network Security Group (NSG) requirements for AADDS diff --git a/modules/aad/domain-service/main.json b/modules/aad/domain-service/main.json index 3070f9df0a..0f206dd1ce 100644 --- a/modules/aad/domain-service/main.json +++ b/modules/aad/domain-service/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5043907679276521852" + "version": "0.22.6.54827", + "templateHash": "10694057578652449276" }, "name": "Azure Active Directory Domain Services", "description": "This module deploys an Azure Active Directory Domain Services (AADDS).", 
@@ -410,8 +410,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4015790044658504688" + "version": "0.22.6.54827", + "templateHash": "4984019978971427023" } }, "parameters": { diff --git a/modules/analysis-services/server/.test/common/main.test.bicep b/modules/analysis-services/server/.test/common/main.test.bicep index 0dcc74191b..527c3c1c71 100644 --- a/modules/analysis-services/server/.test/common/main.test.bicep +++ b/modules/analysis-services/server/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/analysis-services/server/.test/min/main.test.bicep b/modules/analysis-services/server/.test/min/main.test.bicep index 3c210ec288..e89ac48c07 100644 --- a/modules/analysis-services/server/.test/min/main.test.bicep +++ b/modules/analysis-services/server/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/analysis-services/server/README.md b/modules/analysis-services/server/README.md index 02f71b089c..bd06d1cc84 100644 --- a/modules/analysis-services/server/README.md +++ b/modules/analysis-services/server/README.md @@ -5,10 +5,10 @@ This module deploys an Analysis Services Server. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -19,63 +19,29 @@ This module deploys an Analysis Services Server. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Azure Analysis Services server to create. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/analysis-services.server:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Engine, Service]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. 
| -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `firewallSettings` | object | `{object}` | | The inbound firewall rules to define on the server. If not specified, firewall is disabled. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuCapacity` | int | `1` | | The total number of query replica scale-out instances. | -| `skuName` | string | `'S0'` | | The SKU name of the Azure Analysis Services server to create. | -| `tags` | object | `{object}` | | Tags of the resource. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Max](#example-2-max) +- [Using only defaults](#example-3-using-only-defaults) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the analysis service. 
| -| `resourceGroupName` | string | The resource group the analysis service was deployed into. | -| `resourceId` | string | The resource ID of the analysis service. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module server './analysis-services/server/main.bicep' = { +module server 'br:bicep/modules/analysis-services.server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-asscom' params: { // Required parameters @@ -169,14 +135,14 @@ module server './analysis-services/server/main.bicep' = {

-

Example 2: Max

+### Example 2: _Max_
via Bicep module ```bicep -module server './analysis-services/server/main.bicep' = { +module server 'br:bicep/modules/analysis-services.server:1.0.0' = { name: '${uniqueString(deployment().name)}-test-assmax' params: { // Required parameters @@ -302,14 +268,17 @@ module server './analysis-services/server/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module server './analysis-services/server/main.bicep' = { +module server 'br:bicep/modules/analysis-services.server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-assmin' params: { // Required parameters @@ -346,3 +315,160 @@ module server './analysis-services/server/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Azure Analysis Services server to create. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`firewallSettings`](#parameter-firewallsettings) | object | The inbound firewall rules to define on the server. If not specified, firewall is disabled. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuCapacity`](#parameter-skucapacity) | int | The total number of query replica scale-out instances. | +| [`skuName`](#parameter-skuname) | string | The SKU name of the Azure Analysis Services server to create. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Engine, Service]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `firewallSettings` + +The inbound firewall rules to define on the server. If not specified, firewall is disabled. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Azure Analysis Services server to create. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuCapacity` + +The total number of query replica scale-out instances. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `skuName` + +The SKU name of the Azure Analysis Services server to create. +- Required: No +- Type: string +- Default: `'S0'` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the analysis service. 
| +| `resourceGroupName` | string | The resource group the analysis service was deployed into. | +| `resourceId` | string | The resource ID of the analysis service. | + +## Cross-referenced modules + +_None_ diff --git a/modules/analysis-services/server/main.json b/modules/analysis-services/server/main.json index c54bb4c44b..9855c786cd 100644 --- a/modules/analysis-services/server/main.json +++ b/modules/analysis-services/server/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1234109873215342159" + "version": "0.22.6.54827", + "templateHash": "5443858044342002150" }, "name": "Analysis Services Servers", "description": "This module deploys an Analysis Services Server.", @@ -268,8 +268,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5938154849701330874" + "version": "0.22.6.54827", + "templateHash": "7231657665941581698" } }, "parameters": { diff --git a/modules/api-management/service/.test/common/main.test.bicep b/modules/api-management/service/.test/common/main.test.bicep index 7431d43d99..d00d8943f8 100644 --- a/modules/api-management/service/.test/common/main.test.bicep +++ b/modules/api-management/service/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/api-management/service/.test/min/main.test.bicep b/modules/api-management/service/.test/min/main.test.bicep index b45bd98469..f4e9fd87a5 100644 --- a/modules/api-management/service/.test/min/main.test.bicep +++ b/modules/api-management/service/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/api-management/service/README.md b/modules/api-management/service/README.md index d9d56c5b77..9d2bea3e8d 100644 --- a/modules/api-management/service/README.md +++ b/modules/api-management/service/README.md @@ -4,14 +4,14 @@ This module deploys an API Management Service. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -34,91 +34,29 @@ This module deploys an API Management Service. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the API Management service. | -| `publisherEmail` | string | The email address of the owner of the service. | -| `publisherName` | string | The name of the owner of the service. | - -**Optional parameters** +## Usage examples -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalLocations` | array | `[]` | | Additional datacenter locations of the API Management service. | -| `apis` | array | `[]` | | APIs. | -| `apiVersionSets` | array | `[]` | | API Version Sets. | -| `authorizationServers` | secureObject | `{object}` | | Authorization servers. | -| `backends` | array | `[]` | | Backends. | -| `caches` | array | `[]` | | Caches. | -| `certificates` | array | `[]` | | List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. | -| `customProperties` | object | `{object}` | | Custom properties of the API Management service. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, GatewayLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableGateway` | bool | `False` | | Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. | -| `enableClientCertificate` | bool | `False` | | Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `hostnameConfigurations` | array | `[]` | | Custom hostname configuration of the API Management service. | -| `identityProviders` | array | `[]` | | Identity providers. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `minApiVersion` | string | `''` | | Limit control plane API calls to API Management service with version equal to or newer than this value. | -| `namedValues` | array | `[]` | | Named values. | -| `newGuidValue` | string | `[newGuid()]` | | Necessary to create a new GUID. 
| -| `notificationSenderEmail` | string | `'apimgmt-noreply@mail.windowsazure.com'` | | The notification sender email address for the service. | -| `policies` | array | `[]` | | Policies. | -| `portalsettings` | array | `[]` | | Portal settings. | -| `products` | array | `[]` | | Products. | -| `restore` | bool | `False` | | Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Developer'` | `[Basic, Consumption, Developer, Premium, Standard]` | The pricing tier of this API Management service. | -| `skuCount` | int | `1` | `[1, 2]` | The instance size of this API Management service. | -| `subnetResourceId` | string | `''` | | The full resource ID of a subnet in a virtual network to deploy the API Management service in. | -| `subscriptions` | array | `[]` | | Subscriptions. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `virtualNetworkType` | string | `'None'` | `[External, Internal, None]` | The type of VPN in which API Management service needs to be configured in. 
None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. | -| `zones` | array | `[]` | | A list of availability zones denoting where the resource needs to come from. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the API management service. | -| `resourceGroupName` | string | The resource group the API management service was deployed into. | -| `resourceId` | string | The resource ID of the API management service. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/api-management.service:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Max](#example-2-max) +- [Using only defaults](#example-3-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
+This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module service './api-management/service/main.bicep' = { +module service 'br:bicep/modules/api-management.service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-apiscom' params: { // Required parameters @@ -252,14 +190,14 @@ module service './api-management/service/main.bicep' = {

-

Example 2: Max

+### Example 2: _Max_
via Bicep module ```bicep -module service './api-management/service/main.bicep' = { +module service 'br:bicep/modules/api-management.service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-apismax' params: { // Required parameters @@ -601,14 +539,17 @@ module service './api-management/service/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module service './api-management/service/main.bicep' = { +module service 'br:bicep/modules/api-management.service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-apismin' params: { // Required parameters @@ -655,6 +596,380 @@ module service './api-management/service/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the API Management service. | +| [`publisherEmail`](#parameter-publisheremail) | string | The email address of the owner of the service. | +| [`publisherName`](#parameter-publishername) | string | The name of the owner of the service. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalLocations`](#parameter-additionallocations) | array | Additional datacenter locations of the API Management service. | +| [`apis`](#parameter-apis) | array | APIs. | +| [`apiVersionSets`](#parameter-apiversionsets) | array | API Version Sets. | +| [`authorizationServers`](#parameter-authorizationservers) | secureObject | Authorization servers. | +| [`backends`](#parameter-backends) | array | Backends. | +| [`caches`](#parameter-caches) | array | Caches. | +| [`certificates`](#parameter-certificates) | array | List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. | +| [`customProperties`](#parameter-customproperties) | object | Custom properties of the API Management service. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
| +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableGateway`](#parameter-disablegateway) | bool | Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. | +| [`enableClientCertificate`](#parameter-enableclientcertificate) | bool | Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`hostnameConfigurations`](#parameter-hostnameconfigurations) | array | Custom hostname configuration of the API Management service. | +| [`identityProviders`](#parameter-identityproviders) | array | Identity providers. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`minApiVersion`](#parameter-minapiversion) | string | Limit control plane API calls to API Management service with version equal to or newer than this value. | +| [`namedValues`](#parameter-namedvalues) | array | Named values. | +| [`newGuidValue`](#parameter-newguidvalue) | string | Necessary to create a new GUID. 
| +| [`notificationSenderEmail`](#parameter-notificationsenderemail) | string | The notification sender email address for the service. | +| [`policies`](#parameter-policies) | array | Policies. | +| [`portalsettings`](#parameter-portalsettings) | array | Portal settings. | +| [`products`](#parameter-products) | array | Products. | +| [`restore`](#parameter-restore) | bool | Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | The pricing tier of this API Management service. | +| [`skuCount`](#parameter-skucount) | int | The instance size of this API Management service. | +| [`subnetResourceId`](#parameter-subnetresourceid) | string | The full resource ID of a subnet in a virtual network to deploy the API Management service in. | +| [`subscriptions`](#parameter-subscriptions) | array | Subscriptions. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`virtualNetworkType`](#parameter-virtualnetworktype) | string | The type of VPN in which API Management service needs to be configured in. 
None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. | +| [`zones`](#parameter-zones) | array | A list of availability zones denoting where the resource needs to come from. | + +### Parameter: `additionalLocations` + +Additional datacenter locations of the API Management service. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `apis` + +APIs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `apiVersionSets` + +API Version Sets. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `authorizationServers` + +Authorization servers. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `backends` + +Backends. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `caches` + +Caches. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `certificates` + +List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `customProperties` + +Custom properties of the API Management service. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, GatewayLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableGateway` + +Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableClientCertificate` + +Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hostnameConfigurations` + +Custom hostname configuration of the API Management service. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `identityProviders` + +Identity providers. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `minApiVersion` + +Limit control plane API calls to API Management service with version equal to or newer than this value. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the API Management service. +- Required: Yes +- Type: string + +### Parameter: `namedValues` + +Named values. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `newGuidValue` + +Necessary to create a new GUID. +- Required: No +- Type: string +- Default: `[newGuid()]` + +### Parameter: `notificationSenderEmail` + +The notification sender email address for the service. +- Required: No +- Type: string +- Default: `'apimgmt-noreply@mail.windowsazure.com'` + +### Parameter: `policies` + +Policies. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `portalsettings` + +Portal settings. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `products` + +Products. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publisherEmail` + +The email address of the owner of the service. +- Required: Yes +- Type: string + +### Parameter: `publisherName` + +The name of the owner of the service. +- Required: Yes +- Type: string + +### Parameter: `restore` + +Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The pricing tier of this API Management service. +- Required: No +- Type: string +- Default: `'Developer'` +- Allowed: `[Basic, Consumption, Developer, Premium, Standard]` + +### Parameter: `skuCount` + +The instance size of this API Management service. +- Required: No +- Type: int +- Default: `1` +- Allowed: `[1, 2]` + +### Parameter: `subnetResourceId` + +The full resource ID of a subnet in a virtual network to deploy the API Management service in. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptions` + +Subscriptions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualNetworkType` + +The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[External, Internal, None]` + +### Parameter: `zones` + +A list of availability zones denoting where the resource needs to come from. 
+- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the API management service. | +| `resourceGroupName` | string | The resource group the API management service was deployed into. | +| `resourceId` | string | The resource ID of the API management service. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `apiManagementServicePolicy` diff --git a/modules/api-management/service/api-version-set/README.md b/modules/api-management/service/api-version-set/README.md index 675ca80d79..3be54ecd44 100644 --- a/modules/api-management/service/api-version-set/README.md +++ b/modules/api-management/service/api-version-set/README.md 
@@ -19,22 +19,49 @@ This module deploys an API Management Service API Version Set. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `'default'` | API Version set name. | -| `properties` | object | `{object}` | API Version set properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | API Version set name. | +| [`properties`](#parameter-properties) | object | API Version set properties. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +API Version set name. +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `properties` + +API Version set properties. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API Version set. 
| | `resourceGroupName` | string | The resource group the API Version set was deployed into. | diff --git a/modules/api-management/service/api-version-set/main.json b/modules/api-management/service/api-version-set/main.json index f09d56ff92..1f27892ce2 100644 --- a/modules/api-management/service/api-version-set/main.json +++ b/modules/api-management/service/api-version-set/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9352626903654043411" + "version": "0.22.6.54827", + "templateHash": "12233980723609740158" }, "name": "API Management Service API Version Sets", "description": "This module deploys an API Management Service API Version Set.", diff --git a/modules/api-management/service/api/README.md b/modules/api-management/service/api/README.md index 2390fc6a17..a9cd300c66 100644 --- a/modules/api-management/service/api/README.md +++ b/modules/api-management/service/api/README.md @@ -4,12 +4,12 @@ This module deploys an API Management Service API. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,47 +20,214 @@ This module deploys an API Management Service API. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `displayName` | string | API name. Must be 1 to 300 characters long. | -| `name` | string | API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number. | -| `path` | string | Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API. | +| [`displayName`](#parameter-displayname) | string | API name. Must be 1 to 300 characters long. | +| [`name`](#parameter-name) | string | API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number. | +| [`path`](#parameter-path) | string | Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `apiDescription` | string | `''` | | Description of the API. 
May include HTML formatting tags. | -| `apiRevision` | string | `''` | | Describes the Revision of the API. If no value is provided, default revision 1 is created. | -| `apiRevisionDescription` | string | `''` | | Description of the API Revision. | -| `apiType` | string | `'http'` | `[graphql, http, soap, websocket]` | Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API. | -| `apiVersion` | string | `''` | | Indicates the Version identifier of the API if the API is versioned. | -| `apiVersionDescription` | string | `''` | | Description of the API Version. | -| `apiVersionSetId` | string | `''` | | Indicates the Version identifier of the API version set. | -| `authenticationSettings` | object | `{object}` | | Collection of authentication settings included into this API. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `format` | string | `'openapi'` | `[openapi, openapi-link, openapi+json, openapi+json-link, swagger-json, swagger-link-json, wadl-link-json, wadl-xml, wsdl, wsdl-link]` | Format of the Content in which the API is getting imported. | -| `isCurrent` | bool | `True` | | Indicates if API revision is current API revision. | -| `policies` | array | `[]` | | Array of Policies to apply to the Service API. | -| `protocols` | array | `[https]` | | Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS. | -| `serviceUrl` | string | `''` | | Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long. | -| `sourceApiId` | string | `''` | | API identifier of the source API. | -| `subscriptionKeyParameterNames` | object | `{object}` | | Protocols over which API is made available. | -| `subscriptionRequired` | bool | `False` | | Specifies whether an API or Product subscription is required for accessing the API. 
| -| `type` | string | `'http'` | `[graphql, http, soap, websocket]` | Type of API. | -| `value` | string | `''` | | Content value when Importing an API. | -| `wsdlSelector` | object | `{object}` | | Criteria to limit import of WSDL to a subset of the document. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiDescription`](#parameter-apidescription) | string | Description of the API. May include HTML formatting tags. | +| [`apiRevision`](#parameter-apirevision) | string | Describes the Revision of the API. If no value is provided, default revision 1 is created. | +| [`apiRevisionDescription`](#parameter-apirevisiondescription) | string | Description of the API Revision. | +| [`apiType`](#parameter-apitype) | string | Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API. | +| [`apiVersion`](#parameter-apiversion) | string | Indicates the Version identifier of the API if the API is versioned. | +| [`apiVersionDescription`](#parameter-apiversiondescription) | string | Description of the API Version. | +| [`apiVersionSetId`](#parameter-apiversionsetid) | string | Indicates the Version identifier of the API version set. | +| [`authenticationSettings`](#parameter-authenticationsettings) | object | Collection of authentication settings included into this API. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`format`](#parameter-format) | string | Format of the Content in which the API is getting imported. | +| [`isCurrent`](#parameter-iscurrent) | bool | Indicates if API revision is current API revision. | +| [`policies`](#parameter-policies) | array | Array of Policies to apply to the Service API. | +| [`protocols`](#parameter-protocols) | array | Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS. 
| +| [`serviceUrl`](#parameter-serviceurl) | string | Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long. | +| [`sourceApiId`](#parameter-sourceapiid) | string | API identifier of the source API. | +| [`subscriptionKeyParameterNames`](#parameter-subscriptionkeyparameternames) | object | Protocols over which API is made available. | +| [`subscriptionRequired`](#parameter-subscriptionrequired) | bool | Specifies whether an API or Product subscription is required for accessing the API. | +| [`type`](#parameter-type) | string | Type of API. | +| [`value`](#parameter-value) | string | Content value when Importing an API. | +| [`wsdlSelector`](#parameter-wsdlselector) | object | Criteria to limit import of WSDL to a subset of the document. | + +### Parameter: `apiDescription` + +Description of the API. May include HTML formatting tags. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `apiRevision` + +Describes the Revision of the API. If no value is provided, default revision 1 is created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiRevisionDescription` + +Description of the API Revision. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiType` + +Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API. +- Required: No +- Type: string +- Default: `'http'` +- Allowed: `[graphql, http, soap, websocket]` + +### Parameter: `apiVersion` + +Indicates the Version identifier of the API if the API is versioned. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiVersionDescription` + +Description of the API Version. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiVersionSetId` + +Indicates the Version identifier of the API version set. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `authenticationSettings` + +Collection of authentication settings included into this API. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `displayName` + +API name. Must be 1 to 300 characters long. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `format` + +Format of the Content in which the API is getting imported. +- Required: No +- Type: string +- Default: `'openapi'` +- Allowed: `[openapi, openapi-link, openapi+json, openapi+json-link, swagger-json, swagger-link-json, wadl-link-json, wadl-xml, wsdl, wsdl-link]` + +### Parameter: `isCurrent` + +Indicates if API revision is current API revision. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number. +- Required: Yes +- Type: string + +### Parameter: `path` + +Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API. +- Required: Yes +- Type: string + +### Parameter: `policies` + +Array of Policies to apply to the Service API. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `protocols` + +Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS. +- Required: No +- Type: array +- Default: `[https]` + +### Parameter: `serviceUrl` + +Absolute URL of the backend service implementing this API. 
Cannot be more than 2000 characters long. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourceApiId` + +API identifier of the source API. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionKeyParameterNames` + +Protocols over which API is made available. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `subscriptionRequired` + +Specifies whether an API or Product subscription is required for accessing the API. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `type` + +Type of API. +- Required: No +- Type: string +- Default: `'http'` +- Allowed: `[graphql, http, soap, websocket]` + +### Parameter: `value` + +Content value when Importing an API. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `wsdlSelector` + +Criteria to limit import of WSDL to a subset of the document. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service API. | | `resourceGroupName` | string | The resource group the API management service API was deployed to. | diff --git a/modules/api-management/service/api/main.json b/modules/api-management/service/api/main.json index 08c998bf80..f150d2bcb8 100644 --- a/modules/api-management/service/api/main.json +++ b/modules/api-management/service/api/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9074052005199170712" + "version": "0.22.6.54827", + "templateHash": "17340528539230351720" }, "name": "API Management Service APIs", "description": "This module deploys an API Management Service API.", 
@@ -284,8 +284,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5031714372762112092" + "version": "0.22.6.54827", + "templateHash": "14571499926134179860" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", diff --git a/modules/api-management/service/api/policy/README.md b/modules/api-management/service/api/policy/README.md index 3696e336ba..969678d876 100644 --- a/modules/api-management/service/api/policy/README.md +++ b/modules/api-management/service/api/policy/README.md 
@@ -19,29 +19,69 @@ This module deploys an API Management Service API Policy. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `value` | string | Contents of the Policy as defined by the format. | +| [`value`](#parameter-value) | string | Contents of the Policy as defined by the format. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | -| `apiName` | string | The name of the parent API. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiName`](#parameter-apiname) | string | The name of the parent API. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `format` | string | `'xml'` | `[rawxml, rawxml-link, xml, xml-link]` | Format of the policyContent. | -| `name` | string | `'policy'` | | The name of the policy. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`format`](#parameter-format) | string | Format of the policyContent. | +| [`name`](#parameter-name) | string | The name of the policy. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `apiName` + +The name of the parent API. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `format` + +Format of the policyContent. +- Required: No +- Type: string +- Default: `'xml'` +- Allowed: `[rawxml, rawxml-link, xml, xml-link]` + +### Parameter: `name` + +The name of the policy. +- Required: No +- Type: string +- Default: `'policy'` + +### Parameter: `value` + +Contents of the Policy as defined by the format. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API policy. | | `resourceGroupName` | string | The resource group the API policy was deployed into. | diff --git a/modules/api-management/service/api/policy/main.json b/modules/api-management/service/api/policy/main.json index 76457b0c2f..02322fa340 100644 --- a/modules/api-management/service/api/policy/main.json +++ b/modules/api-management/service/api/policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5031714372762112092" + "version": "0.22.6.54827", + "templateHash": "14571499926134179860" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", diff --git a/modules/api-management/service/authorization-server/README.md b/modules/api-management/service/authorization-server/README.md index a875ea1259..f10abac911 100644 --- a/modules/api-management/service/authorization-server/README.md +++ b/modules/api-management/service/authorization-server/README.md 
@@ -4,12 +4,12 @@ This module deploys an API Management Service Authorization Server. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -19,41 +19,161 @@ This module deploys an API Management Service Authorization Server. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `authorizationEndpoint` | string | OAuth authorization endpoint. See . | -| `clientId` | securestring | Client or app ID registered with this authorization server. | -| `clientSecret` | securestring | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | -| `grantTypes` | array | Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. | -| `name` | string | Identifier of the authorization server. | +| [`authorizationEndpoint`](#parameter-authorizationendpoint) | string | OAuth authorization endpoint. See . | +| [`clientId`](#parameter-clientid) | securestring | Client or app ID registered with this authorization server. | +| [`clientSecret`](#parameter-clientsecret) | securestring | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | +| [`grantTypes`](#parameter-granttypes) | array | Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. | +| [`name`](#parameter-name) | string | Identifier of the authorization server. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. 
Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `authorizationMethods` | array | `[GET]` | HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE. | -| `bearerTokenSendingMethods` | array | `[authorizationHeader]` | Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query. | -| `clientAuthenticationMethod` | array | `[Basic]` | Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body. | -| `clientRegistrationEndpoint` | string | `''` | Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. | -| `defaultScope` | string | `''` | Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `resourceOwnerPassword` | string | `''` | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. | -| `resourceOwnerUsername` | string | `''` | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. | -| `serverDescription` | string | `''` | Description of the authorization server. Can contain HTML formatting tags. 
| -| `supportState` | bool | `False` | If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. | -| `tokenBodyParameters` | array | `[]` | Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object. | -| `tokenEndpoint` | string | `''` | OAuth token endpoint. Contains absolute URI to entity being referenced. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizationMethods`](#parameter-authorizationmethods) | array | HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE. | +| [`bearerTokenSendingMethods`](#parameter-bearertokensendingmethods) | array | Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query. | +| [`clientAuthenticationMethod`](#parameter-clientauthenticationmethod) | array | Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body. | +| [`clientRegistrationEndpoint`](#parameter-clientregistrationendpoint) | string | Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. | +| [`defaultScope`](#parameter-defaultscope) | string | Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`resourceOwnerPassword`](#parameter-resourceownerpassword) | string | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. | +| [`resourceOwnerUsername`](#parameter-resourceownerusername) | string | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. | +| [`serverDescription`](#parameter-serverdescription) | string | Description of the authorization server. Can contain HTML formatting tags. | +| [`supportState`](#parameter-supportstate) | bool | If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. | +| [`tokenBodyParameters`](#parameter-tokenbodyparameters) | array | Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object. | +| [`tokenEndpoint`](#parameter-tokenendpoint) | string | OAuth token endpoint. Contains absolute URI to entity being referenced. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `authorizationEndpoint` + +OAuth authorization endpoint. See . +- Required: Yes +- Type: string + +### Parameter: `authorizationMethods` + +HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE. 
+- Required: No +- Type: array +- Default: `[GET]` + +### Parameter: `bearerTokenSendingMethods` + +Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query. +- Required: No +- Type: array +- Default: `[authorizationHeader]` + +### Parameter: `clientAuthenticationMethod` + +Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body. +- Required: No +- Type: array +- Default: `[Basic]` + +### Parameter: `clientId` + +Client or app ID registered with this authorization server. +- Required: Yes +- Type: securestring + +### Parameter: `clientRegistrationEndpoint` + +Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientSecret` + +Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. +- Required: Yes +- Type: securestring + +### Parameter: `defaultScope` + +Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `grantTypes` + +Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. +- Required: Yes +- Type: array + +### Parameter: `name` + +Identifier of the authorization server. 
+- Required: Yes +- Type: string + +### Parameter: `resourceOwnerPassword` + +Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `resourceOwnerUsername` + +Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serverDescription` + +Description of the authorization server. Can contain HTML formatting tags. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `supportState` + +If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tokenBodyParameters` + +Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tokenEndpoint` + +OAuth token endpoint. Contains absolute URI to entity being referenced. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service authorization server. | | `resourceGroupName` | string | The resource group the API management service authorization server was deployed into. | diff --git a/modules/api-management/service/authorization-server/main.json b/modules/api-management/service/authorization-server/main.json index d956cf25f5..09fc98f3c1 100644 --- a/modules/api-management/service/authorization-server/main.json 
+++ b/modules/api-management/service/authorization-server/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8155815469027179886" + "version": "0.22.6.54827", + "templateHash": "7988688467600216709" }, "name": "API Management Service Authorization Servers", "description": "This module deploys an API Management Service Authorization Server.", diff --git a/modules/api-management/service/backend/README.md b/modules/api-management/service/backend/README.md index 90025fec0f..a94b3f65e9 100644 --- a/modules/api-management/service/backend/README.md +++ b/modules/api-management/service/backend/README.md @@ -4,13 +4,13 @@ This module deploys an API Management Service Backend. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,35 +20,116 @@ This module deploys an API Management Service Backend. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Backend Name. | -| `url` | string | Runtime URL of the Backend. | +| [`name`](#parameter-name) | string | Backend Name. | +| [`url`](#parameter-url) | string | Runtime URL of the Backend. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `credentials` | object | `{object}` | Backend Credentials Contract Properties. | -| `description` | string | `''` | Backend Description. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `protocol` | string | `'http'` | Backend communication protocol. - http or soap. | -| `proxy` | object | `{object}` | Backend Proxy Contract Properties. | -| `resourceId` | string | `''` | Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps. | -| `serviceFabricCluster` | object | `{object}` | Backend Service Fabric Cluster Properties. | -| `title` | string | `''` | Backend Title. | -| `tls` | object | `{object}` | Backend TLS Properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`credentials`](#parameter-credentials) | object | Backend Credentials Contract Properties. | +| [`description`](#parameter-description) | string | Backend Description. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`protocol`](#parameter-protocol) | string | Backend communication protocol. - http or soap. | +| [`proxy`](#parameter-proxy) | object | Backend Proxy Contract Properties. | +| [`resourceId`](#parameter-resourceid) | string | Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps. | +| [`serviceFabricCluster`](#parameter-servicefabriccluster) | object | Backend Service Fabric Cluster Properties. | +| [`title`](#parameter-title) | string | Backend Title. | +| [`tls`](#parameter-tls) | object | Backend TLS Properties. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `credentials` + +Backend Credentials Contract Properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `description` + +Backend Description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Backend Name. +- Required: Yes +- Type: string + +### Parameter: `protocol` + +Backend communication protocol. - http or soap. +- Required: No +- Type: string +- Default: `'http'` + +### Parameter: `proxy` + +Backend Proxy Contract Properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `resourceId` + +Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serviceFabricCluster` + +Backend Service Fabric Cluster Properties. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `title` + +Backend Title. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tls` + +Backend TLS Properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `url` + +Runtime URL of the Backend. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service backend. | | `resourceGroupName` | string | The resource group the API management service backend was deployed into. | diff --git a/modules/api-management/service/backend/main.json b/modules/api-management/service/backend/main.json index 17c351e22a..e10f1c81ee 100644 --- a/modules/api-management/service/backend/main.json +++ b/modules/api-management/service/backend/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1669725941639871055" + "version": "0.22.6.54827", + "templateHash": "3713166604792624713" }, "name": "API Management Service Backends", "description": "This module deploys an API Management Service Backend.", diff --git a/modules/api-management/service/cache/README.md b/modules/api-management/service/cache/README.md index d6c9712e8e..3bc84b82c2 100644 --- a/modules/api-management/service/cache/README.md +++ b/modules/api-management/service/cache/README.md @@ -4,12 +4,12 @@ This module deploys an API Management Service Cache. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -19,30 +19,75 @@ This module deploys an API Management Service Cache. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `connectionString` | string | Runtime connection string to cache. Can be referenced by a named value like so, {{}}. | -| `name` | string | Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier). | -| `useFromLocation` | string | Location identifier to use cache from (should be either 'default' or valid Azure region identifier). | +| [`connectionString`](#parameter-connectionstring) | string | Runtime connection string to cache. Can be referenced by a named value like so, {{}}. | +| [`name`](#parameter-name) | string | Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier). | +| [`useFromLocation`](#parameter-usefromlocation) | string | Location identifier to use cache from (should be either 'default' or valid Azure region identifier). | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | Cache description. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `resourceId` | string | `''` | Original uri of entity in external system cache points to. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | Cache description. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`resourceId`](#parameter-resourceid) | string | Original uri of entity in external system cache points to. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `connectionString` + +Runtime connection string to cache. Can be referenced by a named value like so, {{}}. +- Required: Yes +- Type: string + +### Parameter: `description` + +Cache description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier). +- Required: Yes +- Type: string + +### Parameter: `resourceId` + +Original uri of entity in external system cache points to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `useFromLocation` + +Location identifier to use cache from (should be either 'default' or valid Azure region identifier). +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service cache. | | `resourceGroupName` | string | The resource group the API management service cache was deployed into. | diff --git a/modules/api-management/service/cache/main.json b/modules/api-management/service/cache/main.json index 662943675f..80972f2881 100644 --- a/modules/api-management/service/cache/main.json +++ b/modules/api-management/service/cache/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17031319637382778576" + "version": "0.22.6.54827", + "templateHash": "4933923478377534151" }, "name": "API Management Service Caches", "description": "This module deploys an API Management Service Cache.", diff --git a/modules/api-management/service/identity-provider/README.md b/modules/api-management/service/identity-provider/README.md index ee17802cdf..9246273650 100644 --- a/modules/api-management/service/identity-provider/README.md +++ b/modules/api-management/service/identity-provider/README.md 
@@ -19,37 +19,134 @@ This module deploys an API Management Service Identity Provider. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Identity provider name. | +| [`name`](#parameter-name) | string | Identity provider name. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `apiManagementServiceName` | string | | The name of the parent API Management service. Required if the template is used in a standalone deployment. | -| `clientId` | string | `''` | Client ID of the Application in the external Identity Provider. Required if identity provider is used. | -| `clientSecret` | securestring | `''` | Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`clientId`](#parameter-clientid) | string | Client ID of the Application in the external Identity Provider. Required if identity provider is used. | +| [`clientSecret`](#parameter-clientsecret) | securestring | Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowedTenants` | array | `[]` | | List of Allowed Tenants when configuring Azure Active Directory login. - string. | -| `authority` | string | `''` | | OpenID Connect discovery endpoint hostname for AAD or AAD B2C. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `enableIdentityProviders` | bool | `False` | | Used to enable the deployment of the identityProviders child resource. | -| `passwordResetPolicyName` | string | `''` | | Password Reset Policy Name. Only applies to AAD B2C Identity Provider. | -| `profileEditingPolicyName` | string | `''` | | Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. | -| `signInPolicyName` | string | `''` | | Signin Policy Name. Only applies to AAD B2C Identity Provider. | -| `signInTenant` | string | `''` | | The TenantId to use instead of Common when logging into Active Directory. | -| `signUpPolicyName` | string | `''` | | Signup Policy Name. Only applies to AAD B2C Identity Provider. | -| `type` | string | `'aad'` | `[aad, aadB2C, facebook, google, microsoft, twitter]` | Identity Provider Type identifier. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowedTenants`](#parameter-allowedtenants) | array | List of Allowed Tenants when configuring Azure Active Directory login. - string. | +| [`authority`](#parameter-authority) | string | OpenID Connect discovery endpoint hostname for AAD or AAD B2C. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableIdentityProviders`](#parameter-enableidentityproviders) | bool | Used to enable the deployment of the identityProviders child resource. | +| [`passwordResetPolicyName`](#parameter-passwordresetpolicyname) | string | Password Reset Policy Name. Only applies to AAD B2C Identity Provider. | +| [`profileEditingPolicyName`](#parameter-profileeditingpolicyname) | string | Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. | +| [`signInPolicyName`](#parameter-signinpolicyname) | string | Signin Policy Name. Only applies to AAD B2C Identity Provider. | +| [`signInTenant`](#parameter-signintenant) | string | The TenantId to use instead of Common when logging into Active Directory. 
| +| [`signUpPolicyName`](#parameter-signuppolicyname) | string | Signup Policy Name. Only applies to AAD B2C Identity Provider. | +| [`type`](#parameter-type) | string | Identity Provider Type identifier. | + +### Parameter: `allowedTenants` + +List of Allowed Tenants when configuring Azure Active Directory login. - string. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `authority` + +OpenID Connect discovery endpoint hostname for AAD or AAD B2C. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientId` + +Client ID of the Application in the external Identity Provider. Required if identity provider is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientSecret` + +Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableIdentityProviders` + +Used to enable the deployment of the identityProviders child resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `name` + +Identity provider name. +- Required: Yes +- Type: string + +### Parameter: `passwordResetPolicyName` + +Password Reset Policy Name. Only applies to AAD B2C Identity Provider. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `profileEditingPolicyName` + +Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `signInPolicyName` + +Signin Policy Name. Only applies to AAD B2C Identity Provider. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `signInTenant` + +The TenantId to use instead of Common when logging into Active Directory. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `signUpPolicyName` + +Signup Policy Name. Only applies to AAD B2C Identity Provider. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `type` + +Identity Provider Type identifier. +- Required: No +- Type: string +- Default: `'aad'` +- Allowed: `[aad, aadB2C, facebook, google, microsoft, twitter]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service identity provider. | | `resourceGroupName` | string | The resource group the API management service identity provider was deployed into. | diff --git a/modules/api-management/service/identity-provider/main.json b/modules/api-management/service/identity-provider/main.json index 12777acfdc..a5131f7311 100644 --- a/modules/api-management/service/identity-provider/main.json +++ b/modules/api-management/service/identity-provider/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17041253664250888675" + "version": "0.22.6.54827", + "templateHash": "13822474427587974385" }, "name": "API Management Service Identity Providers", "description": "This module deploys an API Management Service Identity Provider.", diff --git a/modules/api-management/service/main.json b/modules/api-management/service/main.json index e6a0293d07..0eca3efbe5 100644 --- a/modules/api-management/service/main.json +++ b/modules/api-management/service/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16139014256674828272" + "version": "0.22.6.54827", + "templateHash": "12476936893104821390" }, "name": "API Management Services", "description": "This module deploys an API Management Service.", @@ -501,8 +501,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13643970540915525806" + "version": "0.22.6.54827", + "templateHash": "17340528539230351720" }, "name": "API Management Service APIs", "description": "This module deploys an API Management Service API.", @@ -781,8 +781,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6059606679416480431" + "version": "0.22.6.54827", + "templateHash": "14571499926134179860" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", @@ -951,8 +951,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17009588020697963791" + "version": "0.22.6.54827", + "templateHash": "12233980723609740158" }, "name": "API Management Service API Version Sets", "description": "This module deploys an API Management Service API Version Set.", @@ -1091,8 +1091,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10093092890891107320" + "version": "0.22.6.54827", + "templateHash": "7988688467600216709" }, "name": "API Management Service Authorization Servers", "description": "This module deploys an API Management Service Authorization Server.", @@ -1339,8 +1339,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15587770490550622003" + "version": "0.22.6.54827", + "templateHash": "3713166604792624713" }, "name": "API Management Service Backends", "description": "This module deploys an API Management Service Backend.", 
@@ -1533,8 +1533,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12512964555569038583" + "version": "0.22.6.54827", + "templateHash": "4933923478377534151" }, "name": "API Management Service Caches", "description": "This module deploys an API Management Service Cache.", @@ -1684,8 +1684,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5821693072491820871" + "version": "0.22.6.54827", + "templateHash": "13822474427587974385" }, "name": "API Management Service Identity Providers", "description": "This module deploys an API Management Service Identity Provider.", @@ -1900,8 +1900,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3922343729155718081" + "version": "0.22.6.54827", + "templateHash": "3581707708141744852" }, "name": "API Management Service Named Values", "description": "This module deploys an API Management Service Named Value.", @@ -2053,8 +2053,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "869969373482543080" + "version": "0.22.6.54827", + "templateHash": "1124223085084988655" }, "name": "API Management Service Portal Settings", "description": "This module deploys an API Management Service Portal Setting.", @@ -2176,8 +2176,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13858171935263007479" + "version": "0.22.6.54827", + "templateHash": "3650757020022888901" }, "name": "API Management Service Policies", "description": "This module deploys an API Management Service Policy.", @@ -2316,8 +2316,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6198741217819703348" + "version": "0.22.6.54827", + "templateHash": "2758822676627115160" }, "name": "API Management Service Products", "description": "This module deploys an API Management Service Product.", 
@@ -2465,8 +2465,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4854177138271927700" + "version": "0.22.6.54827", + "templateHash": "16488730655399972556" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", @@ -2579,8 +2579,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8500094107587576986" + "version": "0.22.6.54827", + "templateHash": "14085709622188800883" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", @@ -2745,8 +2745,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5104726614398406453" + "version": "0.22.6.54827", + "templateHash": "10733141744485121232" }, "name": "API Management Service Subscriptions", "description": "This module deploys an API Management Service Subscription.", @@ -2908,8 +2908,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15706860856976307419" + "version": "0.22.6.54827", + "templateHash": "1194193235287598548" } }, "parameters": { diff --git a/modules/api-management/service/named-value/README.md b/modules/api-management/service/named-value/README.md index 2920b62283..d73832ca82 100644 --- a/modules/api-management/service/named-value/README.md +++ b/modules/api-management/service/named-value/README.md @@ -4,13 +4,13 @@ This module deploys an API Management Service Named Value. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,31 +20,84 @@ This module deploys an API Management Service Named Value. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `displayName` | string | Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters. | -| `name` | string | Named value Name. | +| [`displayName`](#parameter-displayname) | string | Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters. | +| [`name`](#parameter-name) | string | Named value Name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `keyVault` | object | `{object}` | KeyVault location details of the namedValue. | -| `secret` | bool | `False` | Determines whether the value is a secret and should be encrypted or not. Default value is false. | -| `tags` | array | `[]` | Tags that when provided can be used to filter the NamedValue list. - string. | -| `value` | string | `[newGuid()]` | Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`keyVault`](#parameter-keyvault) | object | KeyVault location details of the namedValue. | +| [`secret`](#parameter-secret) | bool | Determines whether the value is a secret and should be encrypted or not. Default value is false. | +| [`tags`](#parameter-tags) | array | Tags that when provided can be used to filter the NamedValue list. - string. | +| [`value`](#parameter-value) | string | Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `displayName` + +Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keyVault` + +KeyVault location details of the namedValue. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Named value Name. +- Required: Yes +- Type: string + +### Parameter: `secret` + +Determines whether the value is a secret and should be encrypted or not. Default value is false. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags that when provided can be used to filter the NamedValue list. - string. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `value` + +Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. 
This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. +- Required: No +- Type: string +- Default: `[newGuid()]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the named value. | | `resourceGroupName` | string | The resource group the named value was deployed into. | diff --git a/modules/api-management/service/named-value/main.json b/modules/api-management/service/named-value/main.json index c75a4a3928..f47f644953 100644 --- a/modules/api-management/service/named-value/main.json +++ b/modules/api-management/service/named-value/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7537918735725646871" + "version": "0.22.6.54827", + "templateHash": "3581707708141744852" }, "name": "API Management Service Named Values", "description": "This module deploys an API Management Service Named Value.", diff --git a/modules/api-management/service/policy/README.md b/modules/api-management/service/policy/README.md index 1e48186bc5..c9ca730024 100644 --- a/modules/api-management/service/policy/README.md +++ b/modules/api-management/service/policy/README.md 
@@ -19,28 +19,62 @@ This module deploys an API Management Service Policy. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `value` | string | Contents of the Policy as defined by the format. | +| [`value`](#parameter-value) | string | Contents of the Policy as defined by the format. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `format` | string | `'xml'` | `[rawxml, rawxml-link, xml, xml-link]` | Format of the policyContent. | -| `name` | string | `'policy'` | | The name of the policy. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`format`](#parameter-format) | string | Format of the policyContent. | +| [`name`](#parameter-name) | string | The name of the policy. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `format` + +Format of the policyContent. 
+- Required: No +- Type: string +- Default: `'xml'` +- Allowed: `[rawxml, rawxml-link, xml, xml-link]` + +### Parameter: `name` + +The name of the policy. +- Required: No +- Type: string +- Default: `'policy'` + +### Parameter: `value` + +Contents of the Policy as defined by the format. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service policy. | | `resourceGroupName` | string | The resource group the API management service policy was deployed into. | diff --git a/modules/api-management/service/policy/main.json b/modules/api-management/service/policy/main.json index 65580b17b4..32bd1ce4bc 100644 --- a/modules/api-management/service/policy/main.json +++ b/modules/api-management/service/policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8348924989076719813" + "version": "0.22.6.54827", + "templateHash": "3650757020022888901" }, "name": "API Management Service Policies", "description": "This module deploys an API Management Service Policy.", diff --git a/modules/api-management/service/portalsetting/README.md b/modules/api-management/service/portalsetting/README.md index e9c2e989a7..92c67fce9e 100644 --- a/modules/api-management/service/portalsetting/README.md +++ b/modules/api-management/service/portalsetting/README.md 
@@ -19,27 +19,54 @@ This module deploys an API Management Service Portal Setting. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | `[delegation, signin, signup]` | Portal setting name. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Portal setting name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `properties` | object | `{object}` | Portal setting properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`properties`](#parameter-properties) | object | Portal setting properties. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Portal setting name. +- Required: Yes +- Type: string +- Allowed: `[delegation, signin, signup]` + +### Parameter: `properties` + +Portal setting properties. 
+- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service portal setting. | | `resourceGroupName` | string | The resource group the API management service portal setting was deployed into. | diff --git a/modules/api-management/service/portalsetting/main.json b/modules/api-management/service/portalsetting/main.json index 174392d0e0..01f872a8e5 100644 --- a/modules/api-management/service/portalsetting/main.json +++ b/modules/api-management/service/portalsetting/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11909172258549553650" + "version": "0.22.6.54827", + "templateHash": "1124223085084988655" }, "name": "API Management Service Portal Settings", "description": "This module deploys an API Management Service Portal Setting.", diff --git a/modules/api-management/service/product/README.md b/modules/api-management/service/product/README.md index e5b15b55f4..03ba03cf8b 100644 --- a/modules/api-management/service/product/README.md +++ b/modules/api-management/service/product/README.md @@ -4,12 +4,12 @@ This module deploys an API Management Service Product. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -21,34 +21,109 @@ This module deploys an API Management Service Product. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Product Name. | +| [`name`](#parameter-name) | string | Product Name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `apis` | array | `[]` | Array of Product APIs. | -| `approvalRequired` | bool | `False` | Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false. | -| `description` | string | `''` | Product description. May include HTML formatting tags. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `groups` | array | `[]` | Array of Product Groups. | -| `state` | string | `'published'` | whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published. 
| -| `subscriptionRequired` | bool | `False` | Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true. | -| `subscriptionsLimit` | int | `1` | Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false. | -| `terms` | string | `''` | Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apis`](#parameter-apis) | array | Array of Product APIs. | +| [`approvalRequired`](#parameter-approvalrequired) | bool | Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false. | +| [`description`](#parameter-description) | string | Product description. May include HTML formatting tags. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`groups`](#parameter-groups) | array | Array of Product Groups. | +| [`state`](#parameter-state) | string | whether product is published or not. 
Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published. | +| [`subscriptionRequired`](#parameter-subscriptionrequired) | bool | Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true. | +| [`subscriptionsLimit`](#parameter-subscriptionslimit) | int | Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false. | +| [`terms`](#parameter-terms) | string | Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `apis` + +Array of Product APIs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `approvalRequired` + +Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `description` + +Product description. May include HTML formatting tags. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `groups` + +Array of Product Groups. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +Product Name. +- Required: Yes +- Type: string + +### Parameter: `state` + +whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published. +- Required: No +- Type: string +- Default: `'published'` + +### Parameter: `subscriptionRequired` + +Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `subscriptionsLimit` + +Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `terms` + +Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process. 
+- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `apiResourceIds` | array | The Resources IDs of the API management service product APIs. | | `groupResourceIds` | array | The Resources IDs of the API management service product groups. | diff --git a/modules/api-management/service/product/api/README.md b/modules/api-management/service/product/api/README.md index fb2a3bcac8..3ae7df516b 100644 --- a/modules/api-management/service/product/api/README.md +++ b/modules/api-management/service/product/api/README.md 
@@ -19,27 +19,52 @@ This module deploys an API Management Service Product API. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the product API. | +| [`name`](#parameter-name) | string | Name of the product API. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | -| `productName` | string | The name of the parent Product. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`productName`](#parameter-productname) | string | The name of the parent Product. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the product API. +- Required: Yes +- Type: string + +### Parameter: `productName` + +The name of the parent Product. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the product API. | | `resourceGroupName` | string | The resource group the product API was deployed into. | diff --git a/modules/api-management/service/product/api/main.json b/modules/api-management/service/product/api/main.json index 157c8181f7..0ecf6ebe3a 100644 --- a/modules/api-management/service/product/api/main.json +++ b/modules/api-management/service/product/api/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13243242177616383868" + "version": "0.22.6.54827", + "templateHash": "16488730655399972556" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", diff --git a/modules/api-management/service/product/group/README.md b/modules/api-management/service/product/group/README.md index e58f9a3739..943378da28 100644 --- a/modules/api-management/service/product/group/README.md +++ b/modules/api-management/service/product/group/README.md 
@@ -19,27 +19,52 @@ This module deploys an API Management Service Product Group. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the product group. | +| [`name`](#parameter-name) | string | Name of the product group. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | -| `productName` | string | The name of the parent Product. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`productName`](#parameter-productname) | string | The name of the parent Product. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the product group. +- Required: Yes +- Type: string + +### Parameter: `productName` + +The name of the parent Product. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the product group. | | `resourceGroupName` | string | The resource group the product group was deployed into. | diff --git a/modules/api-management/service/product/group/main.json b/modules/api-management/service/product/group/main.json index de5f8ef5c8..209c9c33d6 100644 --- a/modules/api-management/service/product/group/main.json +++ b/modules/api-management/service/product/group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11867976378445976169" + "version": "0.22.6.54827", + "templateHash": "14085709622188800883" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", diff --git a/modules/api-management/service/product/main.json b/modules/api-management/service/product/main.json index 172a816f4f..94a2143e2a 100644 --- a/modules/api-management/service/product/main.json +++ b/modules/api-management/service/product/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11659142408016307537" + "version": "0.22.6.54827", + "templateHash": "2758822676627115160" }, "name": "API Management Service Products", "description": "This module deploys an API Management Service Product.", @@ -153,8 +153,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13243242177616383868" + "version": "0.22.6.54827", + "templateHash": "16488730655399972556" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", 
@@ -267,8 +267,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11867976378445976169" + "version": "0.22.6.54827", + "templateHash": "14085709622188800883" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", diff --git a/modules/api-management/service/subscription/README.md b/modules/api-management/service/subscription/README.md index 0195b16bfb..81c7f5c71b 100644 --- a/modules/api-management/service/subscription/README.md +++ b/modules/api-management/service/subscription/README.md @@ -4,12 +4,12 @@ This module deploys an API Management Service Subscription. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -19,32 +19,93 @@ This module deploys an API Management Service Subscription. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Subscription name. | +| [`name`](#parameter-name) | string | Subscription name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `allowTracing` | bool | `True` | Determines whether tracing can be enabled. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ownerId` | string | `''` | User (user ID path) for whom subscription is being created in form /users/{userId}. | -| `primaryKey` | string | `''` | Primary subscription key. If not specified during request key will be generated automatically. | -| `scope` | string | `'/apis'` | Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}". | -| `secondaryKey` | string | `''` | Secondary subscription key. If not specified during request key will be generated automatically. | -| `state` | string | `''` | Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? 
the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowTracing`](#parameter-allowtracing) | bool | Determines whether tracing can be enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ownerId`](#parameter-ownerid) | string | User (user ID path) for whom subscription is being created in form /users/{userId}. | +| [`primaryKey`](#parameter-primarykey) | string | Primary subscription key. If not specified during request key will be generated automatically. | +| [`scope`](#parameter-scope) | string | Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}". | +| [`secondaryKey`](#parameter-secondarykey) | string | Secondary subscription key. If not specified during request key will be generated automatically. | +| [`state`](#parameter-state) | string | Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. 
- suspended, active, expired, submitted, rejected, cancelled. | + +### Parameter: `allowTracing` + +Determines whether tracing can be enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Subscription name. +- Required: Yes +- Type: string + +### Parameter: `ownerId` + +User (user ID path) for whom subscription is being created in form /users/{userId}. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `primaryKey` + +Primary subscription key. If not specified during request key will be generated automatically. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `scope` + +Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}". +- Required: No +- Type: string +- Default: `'/apis'` + +### Parameter: `secondaryKey` + +Secondary subscription key. If not specified during request key will be generated automatically. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `state` + +Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? 
the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service subscription. | | `resourceGroupName` | string | The resource group the API management service subscription was deployed into. | diff --git a/modules/api-management/service/subscription/main.json b/modules/api-management/service/subscription/main.json index 2ca7d5862e..faefcb8783 100644 --- a/modules/api-management/service/subscription/main.json +++ b/modules/api-management/service/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15277659663277232184" + "version": "0.22.6.54827", + "templateHash": "10733141744485121232" }, "name": "API Management Service Subscriptions", "description": "This module deploys an API Management Service Subscription.", diff --git a/modules/app-configuration/configuration-store/.test/common/main.test.bicep b/modules/app-configuration/configuration-store/.test/common/main.test.bicep index f7bf489277..9c5e54e5f8 100644 --- a/modules/app-configuration/configuration-store/.test/common/main.test.bicep +++ b/modules/app-configuration/configuration-store/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/app-configuration/configuration-store/.test/min/main.test.bicep b/modules/app-configuration/configuration-store/.test/min/main.test.bicep index 141cbc3ee0..8770a7a8ca 100644 --- a/modules/app-configuration/configuration-store/.test/min/main.test.bicep 
+++ b/modules/app-configuration/configuration-store/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/app-configuration/configuration-store/README.md b/modules/app-configuration/configuration-store/README.md index c29bc1d5bd..fbbd683f2b 100644 --- a/modules/app-configuration/configuration-store/README.md +++ b/modules/app-configuration/configuration-store/README.md @@ -4,13 +4,13 @@ This module deploys an App Configuration Store. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -22,75 +22,29 @@ This module deploys an App Configuration Store. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure App Configuration. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `createMode` | string | `'Default'` | `[Default, Recover]` | Indicates whether the configuration store need to be recovered. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Audit, HttpRequest]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. 
| -| `disableLocalAuth` | bool | `False` | | Disables all authentication methods other than AAD authentication. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enablePurgeProtection` | bool | `False` | | Property specifying whether protection against purge is enabled for this configuration store. | -| `keyValues` | array | `[]` | | All Key / Values to create. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Standard'` | `[Free, Standard]` | Pricing tier of App Configuration. | -| `softDeleteRetentionInDays` | int | `1` | | The amount of time in days that the configuration store will be retained when it is soft deleted. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. 
| - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the app configuration. | -| `resourceGroupName` | string | The resource group the app configuration store was deployed into. | -| `resourceId` | string | The resource ID of the app configuration. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/app-configuration.configuration-store:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +- [Pe](#example-3-pe) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module configurationStore './app-configuration/configuration-store/main.bicep' = { +module configurationStore 'br:bicep/modules/app-configuration.configuration-store:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-acccom' params: { // Required parameters @@ -234,14 +188,17 @@ module configurationStore './app-configuration/configuration-store/main.bicep' =

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module configurationStore './app-configuration/configuration-store/main.bicep' = { +module configurationStore 'br:bicep/modules/app-configuration.configuration-store:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-accmin' params: { // Required parameters @@ -279,14 +236,14 @@ module configurationStore './app-configuration/configuration-store/main.bicep' =

-

Example 3: Pe

+### Example 3: _Pe_
via Bicep module ```bicep -module configurationStore './app-configuration/configuration-store/main.bicep' = { +module configurationStore 'br:bicep/modules/app-configuration.configuration-store:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-accpe' params: { // Required parameters @@ -385,3 +342,224 @@ module configurationStore './app-configuration/configuration-store/main.bicep' =

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Azure App Configuration. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`createMode`](#parameter-createmode) | string | Indicates whether the configuration store need to be recovered. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Disables all authentication methods other than AAD authentication. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`enablePurgeProtection`](#parameter-enablepurgeprotection) | bool | Property specifying whether protection against purge is enabled for this configuration store. | +| [`keyValues`](#parameter-keyvalues) | array | All Key / Values to create. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | Pricing tier of App Configuration. | +| [`softDeleteRetentionInDays`](#parameter-softdeleteretentionindays) | int | The amount of time in days that the configuration store will be retained when it is soft deleted. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `createMode` + +Indicates whether the configuration store need to be recovered. 
+- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, Recover]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Audit, HttpRequest]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +Disables all authentication methods other than AAD authentication. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enablePurgeProtection` + +Property specifying whether protection against purge is enabled for this configuration store. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `keyValues` + +All Key / Values to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Azure App Configuration. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +Pricing tier of App Configuration. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Free, Standard]` + +### Parameter: `softDeleteRetentionInDays` + +The amount of time in days that the configuration store will be retained when it is soft deleted. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the app configuration. | +| `resourceGroupName` | string | The resource group the app configuration store was deployed into. | +| `resourceId` | string | The resource ID of the app configuration. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/app-configuration/configuration-store/key-value/README.md b/modules/app-configuration/configuration-store/key-value/README.md index 4d8a0cc029..7aba86936e 100644 --- a/modules/app-configuration/configuration-store/key-value/README.md +++ b/modules/app-configuration/configuration-store/key-value/README.md @@ -4,12 +4,12 @@ This module deploys an App Configuration Store Key Value. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -19,29 +19,68 @@ This module deploys an App Configuration Store Key Value. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the key. | -| `value` | string | Name of the value. | +| [`name`](#parameter-name) | string | Name of the key. | +| [`value`](#parameter-value) | string | Name of the value. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `appConfigurationName` | string | The name of the parent app configuration store. Required if the template is used in a standalone deployment. | +| [`appConfigurationName`](#parameter-appconfigurationname) | string | The name of the parent app configuration store. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `contentType` | string | `''` | The content type of the key-values value. Providing a proper content-type can enable transformations of values when they are retrieved by applications. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `tags` | object | `{object}` | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`contentType`](#parameter-contenttype) | string | The content type of the key-values value. Providing a proper content-type can enable transformations of values when they are retrieved by applications. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `appConfigurationName` + +The name of the parent app configuration store. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `contentType` + +The content type of the key-values value. Providing a proper content-type can enable transformations of values when they are retrieved by applications. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the key. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `value` + +Name of the value. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the key values. | | `resourceGroupName` | string | The resource group the batch account was deployed into. | diff --git a/modules/app-configuration/configuration-store/key-value/main.json b/modules/app-configuration/configuration-store/key-value/main.json index 69e7caf120..bd6ba98307 100644 --- a/modules/app-configuration/configuration-store/key-value/main.json +++ b/modules/app-configuration/configuration-store/key-value/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18125120019454222929" + "version": "0.22.6.54827", + "templateHash": "16698134952769248111" }, "name": "App Configuration Stores Key Values", "description": "This module deploys an App Configuration Store Key Value.", diff --git a/modules/app-configuration/configuration-store/main.json b/modules/app-configuration/configuration-store/main.json index 1442aabb14..9864464e86 100644 --- a/modules/app-configuration/configuration-store/main.json +++ b/modules/app-configuration/configuration-store/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11782317267764138408" + "version": "0.22.6.54827", + "templateHash": "10110269901043104603" }, "name": "App Configuration Stores", "description": "This module deploys an App Configuration Store.", @@ -334,8 +334,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12355291254193028960" + "version": "0.22.6.54827", + "templateHash": "16698134952769248111" }, "name": "App Configuration Stores Key Values", "description": "This module deploys an App Configuration Store Key Value.", @@ -471,8 +471,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3406373389314015592" + "version": "0.22.6.54827", + "templateHash": "17212866457936326905" } }, "parameters": { @@ -633,8 +633,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -833,8 +833,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -971,8 +971,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/app/container-app/.test/common/main.test.bicep b/modules/app/container-app/.test/common/main.test.bicep index 3f215031b9..9667da2fbe 100644 --- a/modules/app/container-app/.test/common/main.test.bicep 
+++ b/modules/app/container-app/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/app/container-app/.test/min/main.test.bicep b/modules/app/container-app/.test/min/main.test.bicep index 66ba9c9e91..8969d7e6e3 100644 --- a/modules/app/container-app/.test/min/main.test.bicep +++ b/modules/app/container-app/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/app/container-app/README.md b/modules/app/container-app/README.md index 941fff342b..870012dd19 100644 --- a/modules/app/container-app/README.md +++ b/modules/app/container-app/README.md @@ -5,10 +5,10 @@ This module deploys a Container App. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,80 +18,28 @@ This module deploys a Container App. | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `containers` | array | List of container definitions for the Container App. | -| `environmentId` | string | Resource ID of environment. | -| `name` | string | Name of the Container App. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -**Optional parameters** +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `activeRevisionsMode` | string | `'Single'` | `[Multiple, Single]` | ActiveRevisionsMode controls how active revisions are handled for the Container app. | -| `customDomains` | array | `[]` | | Custom domain bindings for Container App hostnames. | -| `dapr` | object | `{object}` | | Dapr configuration for the Container App. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exposedPort` | int | `0` | | Exposed Port in containers for TCP traffic from ingress. | -| `ingressAllowInsecure` | bool | `True` | | Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections. | -| `ingressExternal` | bool | `True` | | Bool indicating if app exposes an external http endpoint. 
| -| `ingressTargetPort` | int | `80` | | Target Port in containers for traffic from ingress. | -| `ingressTransport` | string | `'auto'` | `[auto, http, http2, tcp]` | Ingress transport protocol. | -| `initContainersTemplate` | array | `[]` | | List of specialized containers that run before app containers. | -| `ipSecurityRestrictions` | array | `[]` | | Rules to restrict incoming IP address. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxInactiveRevisions` | int | `0` | | Max inactive revisions a Container App can have. | -| `registries` | array | `[]` | | Collection of private container registry credentials for containers used by the Container app. | -| `revisionSuffix` | string | `''` | | User friendly suffix that is appended to the revision name. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. | -| `scaleMaxReplicas` | int | `1` | | Maximum number of container replicas. Defaults to 10 if not set. | -| `scaleMinReplicas` | int | `0` | | Minimum number of container replicas. | -| `scaleRules` | array | `[]` | | Scaling rules. | -| `secrets` | secureObject | `{object}` | | The secrets of the Container App. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `trafficLabel` | string | `'label-1'` | | Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes. | -| `trafficLatestRevision` | bool | `True` | | Indicates that the traffic weight belongs to a latest stable revision. | -| `trafficRevisionName` | string | `''` | | Name of a revision. 
| -| `trafficWeight` | int | `100` | | Traffic weight assigned to a revision. | -| `userAssignedIdentities` | object | `{object}` | | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. | -| `volumes` | array | `[]` | | List of volume definitions for the Container App. | -| `workloadProfileType` | string | `''` | | Workload profile type to pin for container app execution. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.container-app:1.0.0`. +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -## Outputs +### Example 1: _Using large parameter set_ -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Container App. | -| `resourceGroupName` | string | The name of the resource group the Container App was deployed into. | -| `resourceId` | string | The resource ID of the Container App. | +This instance deploys the module with most of its features enabled. -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module containerApp './app/container-app/main.bicep' = { +module containerApp 'br:bicep/modules/app.container-app:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mcappcom' params: { // Required parameters @@ -233,14 +181,17 @@ module containerApp './app/container-app/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module containerApp './app/container-app/main.bicep' = { +module containerApp 'br:bicep/modules/app.container-app:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mcappmin' params: { // Required parameters @@ -317,3 +268,294 @@ module containerApp './app/container-app/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. | +| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. | +| [`name`](#parameter-name) | string | Name of the Container App. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`activeRevisionsMode`](#parameter-activerevisionsmode) | string | ActiveRevisionsMode controls how active revisions are handled for the Container app. | +| [`customDomains`](#parameter-customdomains) | array | Custom domain bindings for Container App hostnames. | +| [`dapr`](#parameter-dapr) | object | Dapr configuration for the Container App. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exposedPort`](#parameter-exposedport) | int | Exposed Port in containers for TCP traffic from ingress. | +| [`ingressAllowInsecure`](#parameter-ingressallowinsecure) | bool | Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections. | +| [`ingressExternal`](#parameter-ingressexternal) | bool | Bool indicating if app exposes an external http endpoint. | +| [`ingressTargetPort`](#parameter-ingresstargetport) | int | Target Port in containers for traffic from ingress. | +| [`ingressTransport`](#parameter-ingresstransport) | string | Ingress transport protocol. | +| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. | +| [`ipSecurityRestrictions`](#parameter-ipsecurityrestrictions) | array | Rules to restrict incoming IP address. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. 
| +| [`maxInactiveRevisions`](#parameter-maxinactiverevisions) | int | Max inactive revisions a Container App can have. | +| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. | +| [`revisionSuffix`](#parameter-revisionsuffix) | string | User friendly suffix that is appended to the revision name. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. | +| [`scaleMaxReplicas`](#parameter-scalemaxreplicas) | int | Maximum number of container replicas. Defaults to 10 if not set. | +| [`scaleMinReplicas`](#parameter-scaleminreplicas) | int | Minimum number of container replicas. | +| [`scaleRules`](#parameter-scalerules) | array | Scaling rules. | +| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`trafficLabel`](#parameter-trafficlabel) | string | Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes. | +| [`trafficLatestRevision`](#parameter-trafficlatestrevision) | bool | Indicates that the traffic weight belongs to a latest stable revision. | +| [`trafficRevisionName`](#parameter-trafficrevisionname) | string | Name of a revision. | +| [`trafficWeight`](#parameter-trafficweight) | int | Traffic weight assigned to a revision. 
| +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. | +| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. | +| [`workloadProfileType`](#parameter-workloadprofiletype) | string | Workload profile type to pin for container app execution. | + +### Parameter: `activeRevisionsMode` + +ActiveRevisionsMode controls how active revisions are handled for the Container app. +- Required: No +- Type: string +- Default: `'Single'` +- Allowed: `[Multiple, Single]` + +### Parameter: `containers` + +List of container definitions for the Container App. +- Required: Yes +- Type: array + +### Parameter: `customDomains` + +Custom domain bindings for Container App hostnames. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dapr` + +Dapr configuration for the Container App. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `environmentId` + +Resource ID of environment. +- Required: Yes +- Type: string + +### Parameter: `exposedPort` + +Exposed Port in containers for TCP traffic from ingress. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `ingressAllowInsecure` + +Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ingressExternal` + +Bool indicating if app exposes an external http endpoint. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ingressTargetPort` + +Target Port in containers for traffic from ingress. 
+- Required: No +- Type: int +- Default: `80` + +### Parameter: `ingressTransport` + +Ingress transport protocol. +- Required: No +- Type: string +- Default: `'auto'` +- Allowed: `[auto, http, http2, tcp]` + +### Parameter: `initContainersTemplate` + +List of specialized containers that run before app containers. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ipSecurityRestrictions` + +Rules to restrict incoming IP address. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maxInactiveRevisions` + +Max inactive revisions a Container App can have. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `name` + +Name of the Container App. +- Required: Yes +- Type: string + +### Parameter: `registries` + +Collection of private container registry credentials for containers used by the Container app. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `revisionSuffix` + +User friendly suffix that is appended to the revision name. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scaleMaxReplicas` + +Maximum number of container replicas. Defaults to 10 if not set. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `scaleMinReplicas` + +Minimum number of container replicas. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `scaleRules` + +Scaling rules. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `secrets` + +The secrets of the Container App. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `trafficLabel` + +Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes. +- Required: No +- Type: string +- Default: `'label-1'` + +### Parameter: `trafficLatestRevision` + +Indicates that the traffic weight belongs to a latest stable revision. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `trafficRevisionName` + +Name of a revision. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `trafficWeight` + +Traffic weight assigned to a revision. +- Required: No +- Type: int +- Default: `100` + +### Parameter: `userAssignedIdentities` + +The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `volumes` + +List of volume definitions for the Container App. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `workloadProfileType` + +Workload profile type to pin for container app execution. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Container App. | +| `resourceGroupName` | string | The name of the resource group the Container App was deployed into. | +| `resourceId` | string | The resource ID of the Container App. 
| + +## Cross-referenced modules + +_None_ diff --git a/modules/app/container-app/main.json b/modules/app/container-app/main.json index e2de42de12..1d501046a4 100644 --- a/modules/app/container-app/main.json +++ b/modules/app/container-app/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16754480041180669063" + "version": "0.22.6.54827", + "templateHash": "2221038631504030167" }, "name": "Container Apps", "description": "This module deploys a Container App.", @@ -371,8 +371,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9188415638960634445" + "version": "0.22.6.54827", + "templateHash": "6133741258710054291" } }, "parameters": { diff --git a/modules/app/managed-environment/.test/common/main.test.bicep b/modules/app/managed-environment/.test/common/main.test.bicep index 076aa920a4..6a3a769e96 100644 --- a/modules/app/managed-environment/.test/common/main.test.bicep +++ b/modules/app/managed-environment/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/app/managed-environment/.test/min/main.test.bicep b/modules/app/managed-environment/.test/min/main.test.bicep index 6692258b4d..ceab992425 100644 --- a/modules/app/managed-environment/.test/min/main.test.bicep +++ b/modules/app/managed-environment/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/app/managed-environment/README.md b/modules/app/managed-environment/README.md index e432404e3a..19638dbf5b 100644 
--- a/modules/app/managed-environment/README.md +++ b/modules/app/managed-environment/README.md @@ -5,10 +5,10 @@ This module deploys an App Managed Environment (also known as a Container App En ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
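Review bot: In `modules/app/container-app/README.md`, the added `scaleMaxReplicas` parameter section contradicts itself: the description says "Defaults to 10 if not set." while the generated line below it reads "Default: `1`". The README is generated from the module template, so either the description or the default should be corrected there and the README regenerated. Two more points in the same file: the `roleAssignments` description stops mid-sentence at "In the roleDefinitionIdOrName attribute." (the managed-environment README in this patch carries the complete sentence), and `ingressAllowInsecure` is documented with "Default: `True`" under a description that reads "Bool indicating if HTTP connections to is allowed." The wording needs fixing at the source, and it is worth confirming that accepting plain HTTP by default is intended rather than redirecting to HTTPS.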
@@ -18,73 +18,28 @@ This module deploys an App Managed Environment (also known as a Container App En | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `logAnalyticsWorkspaceResourceId` | string | Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). | -| `name` | string | Name of the Container Apps Managed Environment. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `infrastructureSubnetId` | string | `''` | Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `certificatePassword` | securestring | `''` | | Password of the certificate used by the custom domain. | -| `certificateValue` | securestring | `''` | | Certificate to use for the custom domain. PFX or PEM. | -| `daprAIConnectionString` | securestring | `''` | | Application Insights connection string used by Dapr to export Service to Service communication telemetry. | -| `daprAIInstrumentationKey` | securestring | `''` | | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. | -| `dnsSuffix` | string | `''` | | DNS suffix for the environment domain. 
| -| `dockerBridgeCidr` | string | `''` | | CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | -| `enableDefaultTelemetry` | bool | | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `internal` | bool | `False` | | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `logsDestination` | string | `'log-analytics'` | | Logs destination. | -| `platformReservedCidr` | string | `''` | | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | -| `platformReservedDnsIP` | string | `''` | | An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuName` | string | `'Consumption'` | `[Consumption, Premium]` | Managed environment SKU. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `workloadProfiles` | array | `[]` | | Workload profiles configured for the Managed Environment. | -| `zoneRedundant` | bool | `False` | | Whether or not this Managed Environment is zone-redundant. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Managed Environment. | -| `resourceGroupName` | string | The name of the resource group the Managed Environment was deployed into. | -| `resourceId` | string | The resource ID of the Managed Environment. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.managed-environment:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module managedEnvironment './app/managed-environment/main.bicep' = { +module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-amecom' params: { // Required parameters @@ -168,14 +123,17 @@ module managedEnvironment './app/managed-environment/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module managedEnvironment './app/managed-environment/main.bicep' = { +module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-amemin' params: { // Required parameters @@ -214,3 +172,202 @@ module managedEnvironment './app/managed-environment/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`logAnalyticsWorkspaceResourceId`](#parameter-loganalyticsworkspaceresourceid) | string | Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). | +| [`name`](#parameter-name) | string | Name of the Container Apps Managed Environment. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`infrastructureSubnetId`](#parameter-infrastructuresubnetid) | string | Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`certificatePassword`](#parameter-certificatepassword) | securestring | Password of the certificate used by the custom domain. | +| [`certificateValue`](#parameter-certificatevalue) | securestring | Certificate to use for the custom domain. PFX or PEM. | +| [`daprAIConnectionString`](#parameter-dapraiconnectionstring) | securestring | Application Insights connection string used by Dapr to export Service to Service communication telemetry. | +| [`daprAIInstrumentationKey`](#parameter-dapraiinstrumentationkey) | securestring | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. | +| [`dnsSuffix`](#parameter-dnssuffix) | string | DNS suffix for the environment domain. | +| [`dockerBridgeCidr`](#parameter-dockerbridgecidr) | string | CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. 
If not provided, it will be set with a default value by the platform. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`internal`](#parameter-internal) | bool | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`logsDestination`](#parameter-logsdestination) | string | Logs destination. | +| [`platformReservedCidr`](#parameter-platformreservedcidr) | string | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | +| [`platformReservedDnsIP`](#parameter-platformreserveddnsip) | string | An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | Managed environment SKU. 
| +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`workloadProfiles`](#parameter-workloadprofiles) | array | Workload profiles configured for the Managed Environment. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | Whether or not this Managed Environment is zone-redundant. | + +### Parameter: `certificatePassword` + +Password of the certificate used by the custom domain. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `certificateValue` + +Certificate to use for the custom domain. PFX or PEM. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `daprAIConnectionString` + +Application Insights connection string used by Dapr to export Service to Service communication telemetry. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `daprAIInstrumentationKey` + +Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `dnsSuffix` + +DNS suffix for the environment domain. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dockerBridgeCidr` + +CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: Yes +- Type: bool + +### Parameter: `infrastructureSubnetId` + +Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `internal` + +Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `logAnalyticsWorkspaceResourceId` + +Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). +- Required: Yes +- Type: string + +### Parameter: `logsDestination` + +Logs destination. +- Required: No +- Type: string +- Default: `'log-analytics'` + +### Parameter: `name` + +Name of the Container Apps Managed Environment. +- Required: Yes +- Type: string + +### Parameter: `platformReservedCidr` + +IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `platformReservedDnsIP` + +An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +Managed environment SKU. +- Required: No +- Type: string +- Default: `'Consumption'` +- Allowed: `[Consumption, Premium]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workloadProfiles` + +Workload profiles configured for the Managed Environment. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `zoneRedundant` + +Whether or not this Managed Environment is zone-redundant. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Managed Environment. | +| `resourceGroupName` | string | The name of the resource group the Managed Environment was deployed into. | +| `resourceId` | string | The resource ID of the Managed Environment. | + +## Cross-referenced modules + +_None_ diff --git a/modules/app/managed-environment/main.json b/modules/app/managed-environment/main.json index a958ca3a6e..71407f0d6d 100644 --- a/modules/app/managed-environment/main.json +++ b/modules/app/managed-environment/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14963884189492658840" + "version": "0.22.6.54827", + "templateHash": "3480452524372003572" }, "name": "App ManagedEnvironments", "description": "This module deploys an App Managed Environment (also known as a Container App Environment).", @@ -264,8 +264,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10028072894056989627" + "version": "0.22.6.54827", + "templateHash": "18101859194273235473" } }, "parameters": { diff --git a/modules/authorization/lock/.test/common/main.test.bicep b/modules/authorization/lock/.test/common/main.test.bicep index 197c3e06aa..aa9099f4a9 100644 --- a/modules/authorization/lock/.test/common/main.test.bicep +++ b/modules/authorization/lock/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/authorization/lock/README.md b/modules/authorization/lock/README.md index 1555dae44e..6a17288433 100644 --- a/modules/authorization/lock/README.md +++ b/modules/authorization/lock/README.md @@ -5,10 +5,10 @@ This module deploys an Authorization Lock at a Subscription or Resource Group sc ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
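Review bot: In `modules/app/managed-environment/README.md`, `enableDefaultTelemetry` is listed in the "Optional parameters" table, but its new per-parameter section says "Required: Yes" and shows no default. The removed table already had an empty Default Value for it, so the parameter appears to have no default in the template, and the generator now reports it as required. The container-app and lock READMEs in this patch document the same parameter with "Default: `True`"; giving it an explicit default in this module's template and regenerating would make the table and the section agree.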
@@ -16,52 +16,27 @@ This module deploys an Authorization Lock at a Subscription or Resource Group sc | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location for all resources. | -| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | -| `resourceGroupName` | string | `''` | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. | -| `subscriptionId` | string | `[subscription().id]` | Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the lock. | -| `resourceId` | string | The resource ID of the lock. 
| -| `scope` | string | The scope this lock applies to. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.lock:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module lock './authorization/lock/main.bicep' = { +module lock 'br:bicep/modules/authorization.lock:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-alcom' params: { // Required parameters @@ -106,3 +81,77 @@ module lock './authorization/lock/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`level`](#parameter-level) | string | Set lock level. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`notes`](#parameter-notes) | string | The decription attached to the lock. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. | +| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `level` + +Set lock level. +- Required: Yes +- Type: string +- Allowed: `[CanNotDelete, ReadOnly]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `notes` + +The decription attached to the lock. +- Required: No +- Type: string +- Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` + +### Parameter: `resourceGroupName` + +Name of the Resource Group to assign the lock to. 
If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionId` + +Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. +- Required: No +- Type: string +- Default: `[subscription().id]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the lock. | +| `resourceId` | string | The resource ID of the lock. | +| `scope` | string | The scope this lock applies to. | + +## Cross-referenced modules + +_None_ diff --git a/modules/authorization/lock/main.json b/modules/authorization/lock/main.json index a6018e68bc..927dc1ae2c 100644 --- a/modules/authorization/lock/main.json +++ b/modules/authorization/lock/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15010949072500473441" + "version": "0.22.6.54827", + "templateHash": "15385346851879884120" }, "name": "Authorization Locks (All scopes)", "description": "This module deploys an Authorization Lock at a Subscription or Resource Group scope.", @@ -109,8 +109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15362884032350876286" + "version": "0.22.6.54827", + "templateHash": "876321567657394219" }, "name": "Authorization Locks (Subscription scope)", "description": "This module deploys an Authorization Lock at a Subscription scope.", 
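Review bot: In `modules/authorization/lock/README.md`, the `notes` parameter description "The decription attached to the lock." carries a typo ("decription") from the removed table into both the new summary table and the new `### Parameter: notes` section, and the resource-group and subscription READMEs in this patch repeat it. Because these files are generated, the spelling should be fixed in the parameter description of the templates and the READMEs regenerated, rather than edited in the markdown.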
@@ -239,8 +239,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10420976827552614779" + "version": "0.22.6.54827", + "templateHash": "8961143332409950444" }, "name": "Authorization Locks (Resource Group scope)", "description": "This module deploys an Authorization Lock at a Resource Group scope.", diff --git a/modules/authorization/lock/resource-group/README.md b/modules/authorization/lock/resource-group/README.md index 146e48ed25..9fff1df214 100644 --- a/modules/authorization/lock/resource-group/README.md +++ b/modules/authorization/lock/resource-group/README.md 
@@ -19,22 +19,50 @@ This module deploys an Authorization Lock at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`level`](#parameter-level) | string | Set lock level. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. | -| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the lock. | +| [`notes`](#parameter-notes) | string | The decription attached to the lock. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `level` + +Set lock level. +- Required: Yes +- Type: string +- Allowed: `[CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the lock. +- Required: No +- Type: string +- Default: `[format('{0}-lock', parameters('level'))]` + +### Parameter: `notes` + +The decription attached to the lock. 
+- Required: No +- Type: string +- Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the lock. | | `resourceGroupName` | string | The name of the resource group name the lock was applied to. | diff --git a/modules/authorization/lock/resource-group/main.json b/modules/authorization/lock/resource-group/main.json index 25b2ec1b99..903530da93 100644 --- a/modules/authorization/lock/resource-group/main.json +++ b/modules/authorization/lock/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7885747985110001606" + "version": "0.22.6.54827", + "templateHash": "8961143332409950444" }, "name": "Authorization Locks (Resource Group scope)", "description": "This module deploys an Authorization Lock at a Resource Group scope.", diff --git a/modules/authorization/lock/subscription/README.md b/modules/authorization/lock/subscription/README.md index 35fe0fd8ca..56454213bb 100644 --- a/modules/authorization/lock/subscription/README.md +++ b/modules/authorization/lock/subscription/README.md 
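Review bot: In the `modules/authorization/lock/resource-group/README.md` hunk, the `notes` parameter description still reads "The decription attached to the lock.", and the regenerated layout now prints that typo twice: once in the optional-parameters table and once under `### Parameter: notes`. Because the ReadMe is generated from the template, correct the spelling in the parameter description in the module's Bicep source and regenerate, rather than editing the README by hand. The subscription-scope lock README carries the same text.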
@@ -19,22 +19,50 @@ This module deploys an Authorization Lock at a Subscription scope. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`level`](#parameter-level) | string | Set lock level. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. | -| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the lock. | +| [`notes`](#parameter-notes) | string | The decription attached to the lock. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `level` + +Set lock level. +- Required: Yes +- Type: string +- Allowed: `[CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the lock. +- Required: No +- Type: string +- Default: `[format('{0}-lock', parameters('level'))]` + +### Parameter: `notes` + +The decription attached to the lock. 
+- Required: No +- Type: string +- Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the lock. | | `resourceId` | string | The resource ID of the lock. | diff --git a/modules/authorization/lock/subscription/main.json b/modules/authorization/lock/subscription/main.json index 5664616784..19ec31903c 100644 --- a/modules/authorization/lock/subscription/main.json +++ b/modules/authorization/lock/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "10927394621764774821" + "version": "0.22.6.54827", + "templateHash": "876321567657394219" }, "name": "Authorization Locks (Subscription scope)", "description": "This module deploys an Authorization Lock at a Subscription scope.", diff --git a/modules/authorization/policy-assignment/README.md b/modules/authorization/policy-assignment/README.md index ff0ddb908a..d2906fcd0a 100644 --- a/modules/authorization/policy-assignment/README.md +++ b/modules/authorization/policy-assignment/README.md 
@@ -4,80 +4,43 @@ This module deploys a Policy Assignment at a Management Group, Subscription or R ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policyAssignments` | [2022-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-06-01/policyAssignments) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. | -| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -**Optional parameters** +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | This message will be part of response in case of policy violation. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | -| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | -| `location` | string | `[deployment().location]` | | Location for all resources. | -| `managementGroupId` | string | `[managementGroup().name]` | | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | -| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | -| `notScopes` | array | `[]` | | The policy excluded scopes. | -| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | -| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | -| `resourceGroupName` | string | `''` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. 
| -| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | -| `subscriptionId` | string | `''` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. | -| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-assignment:1.0.0`. +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Rg.Common](#example-3-rgcommon) +- [Rg.Min](#example-4-rgmin) +- [Sub.Common](#example-5-subcommon) +- [Sub.Min](#example-6-submin) -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | Policy Assignment Name. | -| `principalId` | string | Policy Assignment principal ID. | -| `resourceId` | string | Policy Assignment resource ID. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Mg.Common

+### Example 1: _Mg.Common_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-apamgcom' params: { // Required parameters @@ -273,14 +236,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apamgmin' params: { // Required parameters @@ -330,14 +293,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 3: Rg.Common

+### Example 3: _Rg.Common_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apargcom' params: { // Required parameters @@ -541,14 +504,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 4: Rg.Min

+### Example 4: _Rg.Min_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apargmin' params: { // Required parameters @@ -602,14 +565,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 5: Sub.Common

+### Example 5: _Sub.Common_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apasubcom' params: { // Required parameters @@ -809,14 +772,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 6: Sub.Min

+### Example 6: _Sub.Min_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apasubmin' params: { // Required parameters @@ -875,6 +838,184 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. | +| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | +| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. 
| +| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. | +| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | +| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The Target Scope for the Policy. The name of the resource group for the policy assignment. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | +| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. | +| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | + +### Parameter: `description` + +This message will be part of response in case of policy violation. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enforcementMode` + +The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, DoNotEnforce]` + +### Parameter: `identity` + +The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. +- Required: No +- Type: string +- Default: `'SystemAssigned'` +- Allowed: `[None, SystemAssigned, UserAssigned]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. +- Required: Yes +- Type: string + +### Parameter: `nonComplianceMessages` + +The messages that describe why a resource is non-compliant with the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notScopes` + +The policy excluded scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `overrides` + +The policy property value override. 
Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `parameters` + +Parameters for the policy assignment if needed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. +- Required: Yes +- Type: string + +### Parameter: `resourceGroupName` + +The Target Scope for the Policy. The name of the resource group for the policy assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleDefinitionIds` + +The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subscriptionId` + +The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `userAssignedIdentityId` + +The Resource ID for the user assigned identity to assign to the policy assignment. 
+- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | Policy Assignment Name. | +| `principalId` | string | Policy Assignment principal ID. | +| `resourceId` | string | Policy Assignment resource ID. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/policy-assignment/main.json b/modules/authorization/policy-assignment/main.json index 66bced0521..4b15a7c3ee 100644 --- a/modules/authorization/policy-assignment/main.json +++ b/modules/authorization/policy-assignment/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13477192333915886863" + "version": "0.22.6.54827", + "templateHash": "10579624444479342334" }, "name": "Policy Assignments (All scopes)", "description": "This module deploys a Policy Assignment at a Management Group, Subscription or Resource Group scope.", @@ -226,8 +226,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15108071880274736880" + "version": "0.22.6.54827", + "templateHash": "14811948404877688716" }, "name": "Policy Assignments (Management Group scope)", "description": "This module deploys a Policy Assignment at a Management Group scope.", @@ -506,8 +506,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15303635224407962753" + "version": "0.22.6.54827", + "templateHash": "1296030047986147440" }, "name": "Policy Assignments (Subscription scope)", "description": "This module deploys a Policy Assignment at a Subscription scope.", 
@@ -786,8 +786,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17736185251366823136" + "version": "0.22.6.54827", + "templateHash": "15032410491892224041" }, "name": "Policy Assignments (Resource Group scope)", "description": "This module deploys a Policy Assignment at a Resource Group scope.", diff --git a/modules/authorization/policy-assignment/management-group/README.md b/modules/authorization/policy-assignment/management-group/README.md index 086b1d38ea..5bdeb7fe3c 100644 --- a/modules/authorization/policy-assignment/management-group/README.md +++ b/modules/authorization/policy-assignment/management-group/README.md 
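Review bot: In `modules/authorization/policy-assignment/README.md`, the new note and all six examples replace the relative path `./authorization/policy-assignment/main.bicep` with `br:bicep/modules/authorization.policy-assignment:1.0.0`, but nothing in the README says which registry that reference resolves to or where the `1.0.0` tag comes from. After `br:` Bicep expects a registry host, so as written `bicep` is read as the registry name, and a copied example will not resolve unless the reader knows it is a placeholder. Please say in the note that the registry and version are placeholders (or generate the published values), so that readers pin the module to a registry and version they have verified instead of a literal taken from the docs.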
@@ -20,35 +20,154 @@ This module deploys a Policy Assignment at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. | -| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | +| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. | +| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | This message will be part of response in case of policy violation. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | -| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | -| `location` | string | `[deployment().location]` | | Location for all resources. | -| `managementGroupId` | string | `[managementGroup().name]` | | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. 
| -| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | -| `notScopes` | array | `[]` | | The policy excluded scopes. | -| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | -| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | -| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | -| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | +| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. | +| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. | +| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | +| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. 
| +| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | +| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | + +### Parameter: `description` + +This message will be part of response in case of policy violation. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enforcementMode` + +The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, DoNotEnforce]` + +### Parameter: `identity` + +The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. +- Required: No +- Type: string +- Default: `'SystemAssigned'` +- Allowed: `[None, SystemAssigned, UserAssigned]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The Target Scope for the Policy. The name of the management group for the policy assignment. 
If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. +- Required: Yes +- Type: string + +### Parameter: `nonComplianceMessages` + +The messages that describe why a resource is non-compliant with the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notScopes` + +The policy excluded scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `overrides` + +The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `parameters` + +Parameters for the policy assignment if needed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. +- Required: Yes +- Type: string + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleDefinitionIds` + +The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. 
See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `userAssignedIdentityId` + +The Resource ID for the user assigned identity to assign to the policy assignment. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | Policy Assignment Name. | diff --git a/modules/authorization/policy-assignment/management-group/main.json b/modules/authorization/policy-assignment/management-group/main.json index 1f346ad116..5041a99c35 100644 --- a/modules/authorization/policy-assignment/management-group/main.json +++ b/modules/authorization/policy-assignment/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8902545451587564927" + "version": "0.22.6.54827", + "templateHash": "14811948404877688716" }, "name": "Policy Assignments (Management Group scope)", "description": "This module deploys a Policy Assignment at a Management Group scope.", diff --git a/modules/authorization/policy-assignment/resource-group/README.md b/modules/authorization/policy-assignment/resource-group/README.md index 6ed90b07ac..fa03fd32ea 100644 --- a/modules/authorization/policy-assignment/resource-group/README.md +++ b/modules/authorization/policy-assignment/resource-group/README.md 
@@ -20,36 +20,162 @@ This module deploys a Policy Assignment at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. | -| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | +| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. | +| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | This message will be part of response in case of policy violation. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | -| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| -| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | -| `notScopes` | array | `[]` | | The policy excluded scopes. | -| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | -| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | -| `resourceGroupName` | string | `[resourceGroup().name]` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | -| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | -| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | +| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. | +| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. | +| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | +| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. 
| +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | +| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | +| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | + +### Parameter: `description` + +This message will be part of response in case of policy violation. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enforcementMode` + +The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. 
+- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, DoNotEnforce]` + +### Parameter: `identity` + +The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. +- Required: No +- Type: string +- Default: `'SystemAssigned'` +- Allowed: `[None, SystemAssigned, UserAssigned]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `metadata` + +The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. +- Required: Yes +- Type: string + +### Parameter: `nonComplianceMessages` + +The messages that describe why a resource is non-compliant with the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notScopes` + +The policy excluded scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `overrides` + +The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `parameters` + +Parameters for the policy assignment if needed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. +- Required: Yes +- Type: string + +### Parameter: `resourceGroupName` + +The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. 
+- Required: No +- Type: string +- Default: `[resourceGroup().name]` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleDefinitionIds` + +The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subscriptionId` + +The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` + +### Parameter: `userAssignedIdentityId` + +The Resource ID for the user assigned identity to assign to the policy assignment. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | Policy Assignment Name. | diff --git a/modules/authorization/policy-assignment/resource-group/main.json b/modules/authorization/policy-assignment/resource-group/main.json index 91b95356eb..65912a4b91 100644 --- a/modules/authorization/policy-assignment/resource-group/main.json +++ b/modules/authorization/policy-assignment/resource-group/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18205418867751406787" + "version": "0.22.6.54827", + "templateHash": "15032410491892224041" }, "name": "Policy Assignments (Resource Group scope)", "description": "This module deploys a Policy Assignment at a Resource Group scope.", diff --git a/modules/authorization/policy-assignment/subscription/README.md b/modules/authorization/policy-assignment/subscription/README.md index 26810db431..c861c6e6c7 100644 --- a/modules/authorization/policy-assignment/subscription/README.md +++ b/modules/authorization/policy-assignment/subscription/README.md 
@@ -20,35 +20,154 @@ This module deploys a Policy Assignment at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy assignment. Maximum length is 64 characters for subscription scope. | -| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | +| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 64 characters for subscription scope. | +| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | This message will be part of response in case of policy violation. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | -| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | -| `location` | string | `[deployment().location]` | | Location for all resources. | -| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| -| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | -| `notScopes` | array | `[]` | | The policy excluded scopes. | -| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | -| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | -| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | -| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | +| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. | +| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. | +| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | +| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | +| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. 
See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | +| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | + +### Parameter: `description` + +This message will be part of response in case of policy violation. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enforcementMode` + +The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, DoNotEnforce]` + +### Parameter: `identity` + +The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. +- Required: No +- Type: string +- Default: `'SystemAssigned'` +- Allowed: `[None, SystemAssigned, UserAssigned]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy assignment. 
Maximum length is 64 characters for subscription scope. +- Required: Yes +- Type: string + +### Parameter: `nonComplianceMessages` + +The messages that describe why a resource is non-compliant with the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notScopes` + +The policy excluded scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `overrides` + +The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `parameters` + +Parameters for the policy assignment if needed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. +- Required: Yes +- Type: string + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleDefinitionIds` + +The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subscriptionId` + +The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. 
If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` + +### Parameter: `userAssignedIdentityId` + +The Resource ID for the user assigned identity to assign to the policy assignment. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | Policy Assignment Name. | diff --git a/modules/authorization/policy-assignment/subscription/main.json b/modules/authorization/policy-assignment/subscription/main.json index 24a4662eca..5d6deb533a 100644 --- a/modules/authorization/policy-assignment/subscription/main.json +++ b/modules/authorization/policy-assignment/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13568773713405945676" + "version": "0.22.6.54827", + "templateHash": "1296030047986147440" }, "name": "Policy Assignments (Subscription scope)", "description": "This module deploys a Policy Assignment at a Subscription scope.", diff --git a/modules/authorization/policy-definition/README.md b/modules/authorization/policy-definition/README.md index eea97f4ec3..97138d3db8 100644 --- a/modules/authorization/policy-definition/README.md +++ b/modules/authorization/policy-definition/README.md 
@@ -4,70 +4,40 @@ This module deploys a Policy Definition at a Management Group or Subscription sc ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policyDefinitions` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policyDefinitions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope. | -| `policyRule` | object | The Policy Rule details for the Policy Definition. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | The policy definition description. | -| `displayName` | string | `''` | | The display name of the policy definition. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | -| `metadata` | object | `{object}` | | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| -| `mode` | string | `'All'` | `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | -| `parameters` | object | `{object}` | | The policy definition parameters that can be used in policy definition references. | -| `subscriptionId` | string | `''` | | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Policy Definition Name. | -| `resourceId` | string | Policy Definition resource ID. | -| `roleDefinitionIds` | array | Policy Definition Role Definition IDs. | +## Usage examples -## Cross-referenced modules - -_None_ +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Deployment examples +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-definition:1.0.0`. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Sub.Common](#example-3-subcommon) +- [Sub.Min](#example-4-submin) -

Example 1: Mg.Common

+### Example 1: _Mg.Common_
via Bicep module ```bicep -module policyDefinition './authorization/policy-definition/main.bicep' = { +module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apdmgcom' params: { // Required parameters @@ -215,14 +185,14 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module policyDefinition './authorization/policy-definition/main.bicep' = { +module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apdmgmin' params: { // Required parameters @@ -308,14 +278,14 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {

-

Example 3: Sub.Common

+### Example 3: _Sub.Common_
via Bicep module ```bicep -module policyDefinition './authorization/policy-definition/main.bicep' = { +module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apdsubcom' params: { // Required parameters @@ -463,14 +433,14 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {

-

Example 4: Sub.Min

+### Example 4: _Sub.Min_
via Bicep module ```bicep -module policyDefinition './authorization/policy-definition/main.bicep' = { +module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apdsubmin' params: { // Required parameters @@ -557,6 +527,118 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope. | +| [`policyRule`](#parameter-policyrule) | object | The Policy Rule details for the Policy Definition. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The policy definition description. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy definition. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | +| [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | + +### Parameter: `description` + +The policy definition description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy definition. Maximum length is 128 characters. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `mode` + +The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. +- Required: No +- Type: string +- Default: `'All'` +- Allowed: `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` + +### Parameter: `name` + +Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope. +- Required: Yes +- Type: string + +### Parameter: `parameters` + +The policy definition parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyRule` + +The Policy Rule details for the Policy Definition. +- Required: Yes +- Type: object + +### Parameter: `subscriptionId` + +The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | Policy Definition Name. | +| `resourceId` | string | Policy Definition resource ID. | +| `roleDefinitionIds` | array | Policy Definition Role Definition IDs. 
| + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/policy-definition/main.json b/modules/authorization/policy-definition/main.json index 2d366af87f..0667382c4a 100644 --- a/modules/authorization/policy-definition/main.json +++ b/modules/authorization/policy-definition/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15749498802750084340" + "version": "0.22.6.54827", + "templateHash": "12398926446776214850" }, "name": "Policy Definitions (All scopes)", "description": "This module deploys a Policy Definition at a Management Group or Subscription scope.", @@ -156,8 +156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17859945353406314149" + "version": "0.22.6.54827", + "templateHash": "3632302304949681871" }, "name": "Policy Definitions (Management Group scope)", "description": "This module deploys a Policy Definition at a Management Group scope.", @@ -332,8 +332,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7453988849629465072" + "version": "0.22.6.54827", + "templateHash": "15610043692526006499" }, "name": "Policy Definitions (Subscription scope)", "description": "This module deploys a Policy Definition at a Subscription scope.", diff --git a/modules/authorization/policy-definition/management-group/README.md b/modules/authorization/policy-definition/management-group/README.md index 01780427c6..d09b6aad3e 100644 --- a/modules/authorization/policy-definition/management-group/README.md +++ b/modules/authorization/policy-definition/management-group/README.md 
@@ -19,27 +19,89 @@ This module deploys a Policy Definition at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy definition. Maximum length is 64 characters. | -| `policyRule` | object | The Policy Rule details for the Policy Definition. | +| [`name`](#parameter-name) | string | Specifies the name of the policy definition. Maximum length is 64 characters. | +| [`policyRule`](#parameter-policyrule) | object | The Policy Rule details for the Policy Definition. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | The policy definition description. | -| `displayName` | string | `''` | | The display name of the policy definition. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `metadata` | object | `{object}` | | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `mode` | string | `'All'` | `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | -| `parameters` | object | `{object}` | | The policy definition parameters that can be used in policy definition references. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The policy definition description. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy definition. Maximum length is 128 characters. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | +| [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. | + +### Parameter: `description` + +The policy definition description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy definition. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `mode` + +The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. +- Required: No +- Type: string +- Default: `'All'` +- Allowed: `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` + +### Parameter: `name` + +Specifies the name of the policy definition. Maximum length is 64 characters. 
+- Required: Yes +- Type: string + +### Parameter: `parameters` + +The policy definition parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyRule` + +The Policy Rule details for the Policy Definition. +- Required: Yes +- Type: object ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Definition Name. | | `resourceId` | string | Policy Definition resource ID. | diff --git a/modules/authorization/policy-definition/management-group/main.json b/modules/authorization/policy-definition/management-group/main.json index c1d82a9803..0c99261e72 100644 --- a/modules/authorization/policy-definition/management-group/main.json +++ b/modules/authorization/policy-definition/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14890815799488372081" + "version": "0.22.6.54827", + "templateHash": "3632302304949681871" }, "name": "Policy Definitions (Management Group scope)", "description": "This module deploys a Policy Definition at a Management Group scope.", diff --git a/modules/authorization/policy-definition/subscription/README.md b/modules/authorization/policy-definition/subscription/README.md index 2557236387..acb2ee448d 100644 --- a/modules/authorization/policy-definition/subscription/README.md +++ b/modules/authorization/policy-definition/subscription/README.md 
@@ -19,27 +19,89 @@ This module deploys a Policy Definition at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy definition. Maximum length is 64 characters. | -| `policyRule` | object | The Policy Rule details for the Policy Definition. | +| [`name`](#parameter-name) | string | Specifies the name of the policy definition. Maximum length is 64 characters. | +| [`policyRule`](#parameter-policyrule) | object | The Policy Rule details for the Policy Definition. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | The policy definition description. | -| `displayName` | string | `''` | | The display name of the policy definition. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `metadata` | object | `{object}` | | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `mode` | string | `'All'` | `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | -| `parameters` | object | `{object}` | | The policy definition parameters that can be used in policy definition references. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The policy definition description. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy definition. Maximum length is 128 characters. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | +| [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. | + +### Parameter: `description` + +The policy definition description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy definition. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `mode` + +The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. +- Required: No +- Type: string +- Default: `'All'` +- Allowed: `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` + +### Parameter: `name` + +Specifies the name of the policy definition. Maximum length is 64 characters. 
+- Required: Yes +- Type: string + +### Parameter: `parameters` + +The policy definition parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyRule` + +The Policy Rule details for the Policy Definition. +- Required: Yes +- Type: object ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Definition Name. | | `resourceId` | string | Policy Definition resource ID. | diff --git a/modules/authorization/policy-definition/subscription/main.json b/modules/authorization/policy-definition/subscription/main.json index 9d45f6df13..d765d1b498 100644 --- a/modules/authorization/policy-definition/subscription/main.json +++ b/modules/authorization/policy-definition/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14434059777291440353" + "version": "0.22.6.54827", + "templateHash": "15610043692526006499" }, "name": "Policy Definitions (Subscription scope)", "description": "This module deploys a Policy Definition at a Subscription scope.", diff --git a/modules/authorization/policy-exemption/README.md b/modules/authorization/policy-exemption/README.md index 50aeb359a3..c7ed13229a 100644 --- a/modules/authorization/policy-exemption/README.md +++ b/modules/authorization/policy-exemption/README.md 
@@ -4,74 +4,42 @@ This module deploys a Policy Exemption at a Management Group, Subscription or Re ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policyExemptions` | [2022-07-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-07-01-preview/policyExemptions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. | -| `description` | string | `''` | | The description of the policy exemption. | -| `displayName` | string | `''` | | The display name of the policy exemption. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | -| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. 
| -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | | The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. | -| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | -| `resourceGroupName` | string | `''` | | The name of the resource group to be exempted from the policy assignment. Must also use the subscription ID parameter. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. | -| `subscriptionId` | string | `''` | | The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Policy Exemption Name. | -| `resourceId` | string | Policy Exemption resource ID. | -| `scope` | string | Policy Exemption Scope. | - -## Cross-referenced modules +## Usage examples -_None_ +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Deployment examples +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+>**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-exemption:1.0.0`. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Rg.Common](#example-3-rgcommon) +- [Rg.Min](#example-4-rgmin) +- [Sub.Common](#example-5-subcommon) +- [Sub.Min](#example-6-submin) -

Example 1: Mg.Common

+### Example 1: _Mg.Common_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apemgcom' params: { // Required parameters @@ -177,14 +145,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apemgmin' params: { // Required parameters @@ -226,14 +194,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 3: Rg.Common

+### Example 3: _Rg.Common_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apergcom' params: { // Required parameters @@ -339,14 +307,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 4: Rg.Min

+### Example 4: _Rg.Min_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apergmin' params: { // Required parameters @@ -388,14 +356,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 5: Sub.Common

+### Example 5: _Sub.Common_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apesubcom' params: { // Required parameters @@ -501,14 +469,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 6: Sub.Min

+### Example 6: _Sub.Min_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apesubmin' params: { // Required parameters @@ -551,6 +519,151 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. | +| [`description`](#parameter-description) | string | The description of the policy exemption. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy exemption. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | +| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| +| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the resource group to be exempted from the policy assignment. Must also use the subscription ID parameter. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter. | + +### Parameter: `assignmentScopeValidation` + +The option whether validate the exemption is at or under the assignment scope. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Default, DoNotValidate]` + +### Parameter: `description` + +The description of the policy exemption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy exemption. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exemptionCategory` + +The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. +- Required: No +- Type: string +- Default: `'Mitigated'` +- Allowed: `[Mitigated, Waiver]` + +### Parameter: `expiresOn` + +The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location deployment metadata. 
+- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes. +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceIds` + +The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceGroupName` + +The name of the resource group to be exempted from the policy assignment. Must also use the subscription ID parameter. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subscriptionId` + +The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | Policy Exemption Name. | +| `resourceId` | string | Policy Exemption resource ID. | +| `scope` | string | Policy Exemption Scope. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance 
diff --git a/modules/authorization/policy-exemption/main.json b/modules/authorization/policy-exemption/main.json index a870d46d9b..37bb291bf4 100644 --- a/modules/authorization/policy-exemption/main.json +++ b/modules/authorization/policy-exemption/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7537469788100455482" + "version": "0.22.6.54827", + "templateHash": "5596643679633132129" }, "name": "Policy Exemptions (All scopes)", "description": "This module deploys a Policy Exemption at a Management Group, Subscription or Resource Group scope.", @@ -202,8 +202,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5811278633353778987" + "version": "0.22.6.54827", + "templateHash": "5606667569084267633" }, "name": "Policy Exemptions (Management Group scope)", "description": "This module deploys a Policy Exemption at a Management Group scope.", @@ -413,8 +413,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16790622898117117515" + "version": "0.22.6.54827", + "templateHash": "10613705515536903891" }, "name": "Policy Exemptions (Subscription scope)", "description": "This module deploys a Policy Exemption at a Subscription scope.", @@ -621,8 +621,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15066914920145194393" + "version": "0.22.6.54827", + "templateHash": "17689607806582642174" }, "name": "Policy Exemptions (Resource Group scope)", "description": "This module deploys a Policy Exemption at a Resource Group scope.", diff --git a/modules/authorization/policy-exemption/management-group/README.md b/modules/authorization/policy-exemption/management-group/README.md index 1bfb787eab..7cca1936a3 100644 --- a/modules/authorization/policy-exemption/management-group/README.md +++ b/modules/authorization/policy-exemption/management-group/README.md 
@@ -19,30 +19,114 @@ This module deploys a Policy Exemption at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. | +| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. | -| `description` | string | `''` | | The description of the policy exemption. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | -| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| -| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. | +| [`description`](#parameter-description) | string | The description of the policy exemption. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | +| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | + +### Parameter: `assignmentScopeValidation` + +The option whether validate the exemption is at or under the assignment scope. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Default, DoNotValidate]` + +### Parameter: `description` + +The description of the policy exemption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exemptionCategory` + +The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. +- Required: No +- Type: string +- Default: `'Mitigated'` +- Allowed: `[Mitigated, Waiver]` + +### Parameter: `expiresOn` + +The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceIds` + +The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. 
+- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Exemption Name. | | `resourceId` | string | Policy Exemption resource ID. | diff --git a/modules/authorization/policy-exemption/management-group/main.json b/modules/authorization/policy-exemption/management-group/main.json index 9d9e463ba8..8271a1ee56 100644 --- a/modules/authorization/policy-exemption/management-group/main.json +++ b/modules/authorization/policy-exemption/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17592627855612646241" + "version": "0.22.6.54827", + "templateHash": "5606667569084267633" }, "name": "Policy Exemptions (Management Group scope)", "description": "This module deploys a Policy Exemption at a Management Group scope.", diff --git a/modules/authorization/policy-exemption/resource-group/README.md b/modules/authorization/policy-exemption/resource-group/README.md index 7fd6faa68a..cc3f54c9b9 100644 --- a/modules/authorization/policy-exemption/resource-group/README.md +++ b/modules/authorization/policy-exemption/resource-group/README.md 
@@ -19,29 +19,106 @@ This module deploys a Policy Exemption at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. | +| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. | -| `description` | string | `''` | | The description of the policy exemption. | -| `displayName` | string | `''` | | The display name of the policy exemption. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | -| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | -| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. 
| -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. | +| [`description`](#parameter-description) | string | The description of the policy exemption. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy exemption. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | +| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | +| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | + +### Parameter: `assignmentScopeValidation` + +The option whether validate the exemption is at or under the assignment scope. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Default, DoNotValidate]` + +### Parameter: `description` + +The description of the policy exemption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy exemption. 
Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exemptionCategory` + +The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. +- Required: No +- Type: string +- Default: `'Mitigated'` +- Allowed: `[Mitigated, Waiver]` + +### Parameter: `expiresOn` + +The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `metadata` + +The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope. +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceIds` + +The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Exemption Name. | | `resourceGroupName` | string | The name of the resource group the policy exemption was applied at. | diff --git a/modules/authorization/policy-exemption/resource-group/main.json b/modules/authorization/policy-exemption/resource-group/main.json index f9d5590f54..8672a1ff5d 100644 
--- a/modules/authorization/policy-exemption/resource-group/main.json +++ b/modules/authorization/policy-exemption/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13048294777047698866" + "version": "0.22.6.54827", + "templateHash": "17689607806582642174" }, "name": "Policy Exemptions (Resource Group scope)", "description": "This module deploys a Policy Exemption at a Resource Group scope.", diff --git a/modules/authorization/policy-exemption/subscription/README.md b/modules/authorization/policy-exemption/subscription/README.md index 82e45d2349..8094b8371f 100644 --- a/modules/authorization/policy-exemption/subscription/README.md +++ b/modules/authorization/policy-exemption/subscription/README.md 
@@ -19,30 +19,114 @@ This module deploys a Policy Exemption at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. | +| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. | -| `description` | string | `''` | | The description of the policy exemption. | -| `displayName` | string | `''` | | The display name of the policy exemption. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | -| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| -| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. | +| [`description`](#parameter-description) | string | The description of the policy exemption. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy exemption. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | +| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | + +### Parameter: `assignmentScopeValidation` + +The option whether validate the exemption is at or under the assignment scope. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Default, DoNotValidate]` + +### Parameter: `description` + +The description of the policy exemption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy exemption. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exemptionCategory` + +The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. +- Required: No +- Type: string +- Default: `'Mitigated'` +- Allowed: `[Mitigated, Waiver]` + +### Parameter: `expiresOn` + +The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceIds` + +The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. 
+- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Exemption Name. | | `resourceId` | string | Policy Exemption resource ID. | diff --git a/modules/authorization/policy-exemption/subscription/main.json b/modules/authorization/policy-exemption/subscription/main.json index 2418e1af36..b9bce72b18 100644 --- a/modules/authorization/policy-exemption/subscription/main.json +++ b/modules/authorization/policy-exemption/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5067037150154630010" + "version": "0.22.6.54827", + "templateHash": "10613705515536903891" }, "name": "Policy Exemptions (Subscription scope)", "description": "This module deploys a Policy Exemption at a Subscription scope.", diff --git a/modules/authorization/policy-set-definition/README.md b/modules/authorization/policy-set-definition/README.md index aba3a1620c..89f2a0fba8 100644 --- a/modules/authorization/policy-set-definition/README.md +++ b/modules/authorization/policy-set-definition/README.md 
@@ -4,69 +4,40 @@ This module deploys a Policy Set Definition (Initiative) at a Management Group o ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policySetDefinitions` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policySetDefinitions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy Set Definition (Initiative). | -| `policyDefinitions` | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description name of the Set Definition (Initiative). | -| `displayName` | string | `''` | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | -| `metadata` | object | `{object}` | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| -| `parameters` | object | `{object}` | The Set Definition (Initiative) parameters that can be used in policy definition references. | -| `policyDefinitionGroups` | array | `[]` | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | -| `subscriptionId` | string | `''` | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Policy Set Definition Name. | -| `resourceId` | string | Policy Set Definition resource ID. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-set-definition:1.0.0`. -## Deployment examples +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Sub.Common](#example-3-subcommon) +- [Sub.Min](#example-4-submin) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Mg.Common

+### Example 1: _Mg.Common_
via Bicep module ```bicep -module policySetDefinition './authorization/policy-set-definition/main.bicep' = { +module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apsdmgcom' params: { // Required parameters @@ -202,14 +173,14 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module policySetDefinition './authorization/policy-set-definition/main.bicep' = { +module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apsdmgmin' params: { // Required parameters @@ -273,14 +244,14 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =

-

Example 3: Sub.Common

+### Example 3: _Sub.Common_
via Bicep module ```bicep -module policySetDefinition './authorization/policy-set-definition/main.bicep' = { +module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apsdsubcom' params: { // Required parameters @@ -416,14 +387,14 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =

-

Example 4: Sub.Min

+### Example 4: _Sub.Min_
via Bicep module ```bicep -module policySetDefinition './authorization/policy-set-definition/main.bicep' = { +module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apsdsubmin' params: { // Required parameters @@ -488,6 +459,116 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the policy Set Definition (Initiative). | +| [`policyDefinitions`](#parameter-policydefinitions) | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description name of the Set Definition (Initiative). | +| [`displayName`](#parameter-displayname) | string | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. | +| [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | + +### Parameter: `description` + +The description name of the Set Definition (Initiative). 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the Set Definition (Initiative). Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy Set Definition (Initiative). +- Required: Yes +- Type: string + +### Parameter: `parameters` + +The Set Definition (Initiative) parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionGroups` + +The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `policyDefinitions` + +The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. +- Required: Yes +- Type: array + +### Parameter: `subscriptionId` + +The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | Policy Set Definition Name. 
| +| `resourceId` | string | Policy Set Definition resource ID. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/policy-set-definition/main.json b/modules/authorization/policy-set-definition/main.json index 4416cb72bf..d0051bf41a 100644 --- a/modules/authorization/policy-set-definition/main.json +++ b/modules/authorization/policy-set-definition/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1831706179623308969" + "version": "0.22.6.54827", + "templateHash": "9153336425223705834" }, "name": "Policy Set Definitions (Initiatives) (All scopes)", "description": "This module deploys a Policy Set Definition (Initiative) at a Management Group or Subscription scope.", @@ -146,8 +146,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9278231745561513332" + "version": "0.22.6.54827", + "templateHash": "13574874097410910980" }, "name": "Policy Set Definitions (Initiatives) (Management Group scope)", "description": "This module deploys a Policy Set Definition (Initiative) at a Management Group scope.", @@ -305,8 +305,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3357776167220688626" + "version": "0.22.6.54827", + "templateHash": "566743094418434146" }, "name": "Policy Set Definitions (Initiatives) (Subscription scope)", "description": "This module deploys a Policy Set Definition (Initiative) at a Subscription scope.", diff --git a/modules/authorization/policy-set-definition/management-group/README.md b/modules/authorization/policy-set-definition/management-group/README.md index 40de7bcd60..6e0a971597 100644 --- a/modules/authorization/policy-set-definition/management-group/README.md +++ b/modules/authorization/policy-set-definition/management-group/README.md 
@@ -19,27 +19,88 @@ This module deploys a Policy Set Definition (Initiative) at a Management Group s **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy Set Definition (Initiative). | -| `policyDefinitions` | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | +| [`name`](#parameter-name) | string | Specifies the name of the policy Set Definition (Initiative). | +| [`policyDefinitions`](#parameter-policydefinitions) | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description name of the Set Definition (Initiative). | -| `displayName` | string | `''` | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `metadata` | object | `{object}` | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `parameters` | object | `{object}` | The Set Definition (Initiative) parameters that can be used in policy definition references. | -| `policyDefinitionGroups` | array | `[]` | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description name of the Set Definition (Initiative). 
| +| [`displayName`](#parameter-displayname) | string | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. | +| [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | + +### Parameter: `description` + +The description name of the Set Definition (Initiative). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the Set Definition (Initiative). Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy Set Definition (Initiative). +- Required: Yes +- Type: string + +### Parameter: `parameters` + +The Set Definition (Initiative) parameters that can be used in policy definition references. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionGroups` + +The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `policyDefinitions` + +The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. +- Required: Yes +- Type: array ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Set Definition Name. | | `resourceId` | string | Policy Set Definition resource ID. | diff --git a/modules/authorization/policy-set-definition/management-group/main.json b/modules/authorization/policy-set-definition/management-group/main.json index baa439be6e..9b627357b6 100644 --- a/modules/authorization/policy-set-definition/management-group/main.json +++ b/modules/authorization/policy-set-definition/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1638152228410583836" + "version": "0.22.6.54827", + "templateHash": "13574874097410910980" }, "name": "Policy Set Definitions (Initiatives) (Management Group scope)", "description": "This module deploys a Policy Set Definition (Initiative) at a Management Group scope.", diff --git a/modules/authorization/policy-set-definition/subscription/README.md b/modules/authorization/policy-set-definition/subscription/README.md index 64b2597fe0..8b0f87ad46 100644 --- a/modules/authorization/policy-set-definition/subscription/README.md +++ b/modules/authorization/policy-set-definition/subscription/README.md 
@@ -19,27 +19,88 @@ This module deploys a Policy Set Definition (Initiative) at a Subscription scope **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. | -| `policyDefinitions` | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | +| [`name`](#parameter-name) | string | Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. | +| [`policyDefinitions`](#parameter-policydefinitions) | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description name of the Set Definition (Initiative). | -| `displayName` | string | `''` | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `metadata` | object | `{object}` | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `parameters` | object | `{object}` | The Set Definition (Initiative) parameters that can be used in policy definition references. | -| `policyDefinitionGroups` | array | `[]` | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description name of the Set Definition (Initiative). | +| [`displayName`](#parameter-displayname) | string | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. | +| [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | + +### Parameter: `description` + +The description name of the Set Definition (Initiative). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the Set Definition (Initiative). Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. 
+- Required: Yes +- Type: string + +### Parameter: `parameters` + +The Set Definition (Initiative) parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionGroups` + +The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `policyDefinitions` + +The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. +- Required: Yes +- Type: array ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Set Definition Name. | | `resourceId` | string | Policy Set Definition resource ID. | diff --git a/modules/authorization/policy-set-definition/subscription/main.json b/modules/authorization/policy-set-definition/subscription/main.json index 430128e583..4f8ea43907 100644 --- a/modules/authorization/policy-set-definition/subscription/main.json +++ b/modules/authorization/policy-set-definition/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8864751360907211482" + "version": "0.22.6.54827", + "templateHash": "566743094418434146" }, "name": "Policy Set Definitions (Initiatives) (Subscription scope)", "description": "This module deploys a Policy Set Definition (Initiative) at a Subscription scope.", diff --git a/modules/authorization/role-assignment/README.md b/modules/authorization/role-assignment/README.md index 005701544c..6f4fc01610 100644 --- a/modules/authorization/role-assignment/README.md +++ b/modules/authorization/role-assignment/README.md 
@@ -4,71 +4,42 @@ This module deploys a Role Assignment at a Management Group, Subscription or Res ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | -| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. | -| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". | -| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. | -| `description` | string | `''` | | The description of the role assignment. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | -| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. | -| `resourceGroupName` | string | `''` | | Name of the Resource Group to assign the RBAC role to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group. | -| `subscriptionId` | string | `''` | | Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. | - - -## Outputs +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The GUID of the Role Assignment. | -| `resourceId` | string | The resource ID of the Role Assignment. | -| `scope` | string | The scope this Role Assignment applies to. | - -## Cross-referenced modules - -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.role-assignment:1.0.0`. -## Deployment examples +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Rg.Common](#example-3-rgcommon) +- [Rg.Min](#example-4-rgmin) +- [Sub.Common](#example-5-subcommon) +- [Sub.Min](#example-6-submin) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. 
- >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Mg.Common

+### Example 1: _Mg.Common_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-aramgcom' params: { // Required parameters @@ -122,14 +93,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-aramgmin' params: { // Required parameters @@ -175,14 +146,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 3: Rg.Common

+### Example 3: _Rg.Common_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-arargcom' params: { // Required parameters @@ -240,14 +211,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 4: Rg.Min

+### Example 4: _Rg.Min_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-arargmin' params: { // Required parameters @@ -301,14 +272,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 5: Sub.Common

+### Example 5: _Sub.Common_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-arasubcom' params: { // Required parameters @@ -362,14 +333,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 6: Sub.Min

+### Example 6: _Sub.Min_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-arasubmin' params: { // Required parameters @@ -420,6 +391,127 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | +| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. | +| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". | +| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. | +| [`description`](#parameter-description) | string | The description of the role assignment. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the RBAC role to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group. 
| +| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. | + +### Parameter: `condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditionVersion` + +Version of the condition. Currently accepted value is "2.0". +- Required: No +- Type: string +- Default: `'2.0'` +- Allowed: `[2.0]` + +### Parameter: `delegatedManagedIdentityResourceId` + +ID of the delegated managed identity resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `description` + +The description of the role assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type of the assigned principal ID. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `resourceGroupName` + +Name of the Resource Group to assign the RBAC role to. 
If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The GUID of the Role Assignment. | +| `resourceId` | string | The resource ID of the Role Assignment. | +| `scope` | string | The scope this Role Assignment applies to. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/role-assignment/main.json b/modules/authorization/role-assignment/main.json index 23f3d4897d..0cf8880ab7 100644 --- a/modules/authorization/role-assignment/main.json +++ b/modules/authorization/role-assignment/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14335081108343042206" + "version": "0.22.6.54827", + "templateHash": "807341397297135440" }, "name": "Role Assignments (All scopes)", "description": "This module deploys a Role Assignment at a Management Group, Subscription or Resource Group scope.", 
@@ -167,8 +167,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6412111068130570787" + "version": "0.22.6.54827", + "templateHash": "3058280694250439865" }, "name": "Role Assignments (Management Group scope)", "description": "This module deploys a Role Assignment at a Management Group scope.", @@ -756,8 +756,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15330444935750176887" + "version": "0.22.6.54827", + "templateHash": "1741591761510469286" }, "name": "Role Assignments (Subscription scope)", "description": "This module deploys a Role Assignment at a Subscription scope.", @@ -1345,8 +1345,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11095586144343595797" + "version": "0.22.6.54827", + "templateHash": "13714993030578518060" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", diff --git a/modules/authorization/role-assignment/management-group/README.md b/modules/authorization/role-assignment/management-group/README.md index 911ac2c8e6..2166992af8 100644 --- a/modules/authorization/role-assignment/management-group/README.md +++ b/modules/authorization/role-assignment/management-group/README.md 
@@ -19,28 +19,98 @@ This module deploys a Role Assignment at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | -| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | +| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. | -| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". | -| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. | -| `description` | string | `''` | | The description of the role assignment. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. 
| -| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. | +| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". | +| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. | +| [`description`](#parameter-description) | string | The description of the role assignment. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditionVersion` + +Version of the condition. Currently accepted value is "2.0". +- Required: No +- Type: string +- Default: `'2.0'` +- Allowed: `[2.0]` + +### Parameter: `delegatedManagedIdentityResourceId` + +ID of the delegated managed identity resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `description` + +The description of the role assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type of the assigned principal ID. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Assignment. | | `resourceId` | string | The resource ID of the Role Assignment. | diff --git a/modules/authorization/role-assignment/management-group/main.json b/modules/authorization/role-assignment/management-group/main.json index 5356f24b6f..c7695ece43 100644 --- a/modules/authorization/role-assignment/management-group/main.json +++ b/modules/authorization/role-assignment/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5116103670131987468" + "version": "0.22.6.54827", + "templateHash": "3058280694250439865" }, "name": "Role Assignments (Management Group scope)", "description": "This module deploys a Role Assignment at a Management Group scope.", 
diff --git a/modules/authorization/role-assignment/resource-group/README.md b/modules/authorization/role-assignment/resource-group/README.md index a2cd0959a5..3699890e4a 100644 --- a/modules/authorization/role-assignment/resource-group/README.md +++ b/modules/authorization/role-assignment/resource-group/README.md 
@@ -19,28 +19,98 @@ This module deploys a Role Assignment at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | -| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | +| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. | -| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". | -| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. | -| `description` | string | `''` | | The description of the role assignment. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. | -| `resourceGroupName` | string | `[resourceGroup().name]` | | Name of the Resource Group to assign the RBAC role to. 
If not provided, will use the current scope for deployment. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. | +| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". | +| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. | +| [`description`](#parameter-description) | string | The description of the role assignment. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | + +### Parameter: `condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditionVersion` + +Version of the condition. Currently accepted value is "2.0". +- Required: No +- Type: string +- Default: `'2.0'` +- Allowed: `[2.0]` + +### Parameter: `delegatedManagedIdentityResourceId` + +ID of the delegated managed identity resource. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `description` + +The description of the role assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type of the assigned principal ID. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `resourceGroupName` + +Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[resourceGroup().name]` + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Assignment. | | `resourceGroupName` | string | The name of the resource group the role assignment was applied at. | diff --git a/modules/authorization/role-assignment/resource-group/main.json b/modules/authorization/role-assignment/resource-group/main.json index 056f28f034..3ce0469854 100644 --- a/modules/authorization/role-assignment/resource-group/main.json 
+++ b/modules/authorization/role-assignment/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1439450089488966223" + "version": "0.22.6.54827", + "templateHash": "13714993030578518060" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", diff --git a/modules/authorization/role-assignment/subscription/README.md b/modules/authorization/role-assignment/subscription/README.md index 58b5d059a4..cf374e9f4d 100644 --- a/modules/authorization/role-assignment/subscription/README.md +++ b/modules/authorization/role-assignment/subscription/README.md 
@@ -19,28 +19,98 @@ This module deploys a Role Assignment at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | -| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | +| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. | -| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". | -| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. | -| `description` | string | `''` | | The description of the role assignment. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. 
| -| `subscriptionId` | string | `[subscription().subscriptionId]` | | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. | +| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". | +| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. | +| [`description`](#parameter-description) | string | The description of the role assignment. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | +| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | + +### Parameter: `condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditionVersion` + +Version of the condition. Currently accepted value is "2.0". +- Required: No +- Type: string +- Default: `'2.0'` +- Allowed: `[2.0]` + +### Parameter: `delegatedManagedIdentityResourceId` + +ID of the delegated managed identity resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `description` + +The description of the role assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type of the assigned principal ID. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Assignment. | | `resourceId` | string | The resource ID of the Role Assignment. | diff --git a/modules/authorization/role-assignment/subscription/main.json b/modules/authorization/role-assignment/subscription/main.json index 751db130ed..12889ef5e5 100644 --- a/modules/authorization/role-assignment/subscription/main.json +++ b/modules/authorization/role-assignment/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "318736480892502738" + "version": "0.22.6.54827", + "templateHash": "1741591761510469286" }, "name": "Role Assignments (Subscription scope)", "description": "This module deploys a Role Assignment at a Subscription scope.", 
diff --git a/modules/authorization/role-definition/README.md b/modules/authorization/role-definition/README.md index 35163be1ba..0008ff66c4 100644 --- a/modules/authorization/role-definition/README.md +++ b/modules/authorization/role-definition/README.md 
@@ -4,71 +4,42 @@ This module deploys a Role Definition at a Management Group, Subscription or Res ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleDefinitions` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleDefinitions) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `roleName` | string | Name of the custom RBAC role to be created. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | List of allowed actions. | -| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. | -| `dataActions` | array | `[]` | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `description` | string | `''` | Description of the custom RBAC role to be created. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. 
| -| `notActions` | array | `[]` | List of denied actions. | -| `notDataActions` | array | `[]` | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `resourceGroupName` | string | `''` | The name of the Resource Group where the Role Definition and Target Scope will be applied to. | -| `subscriptionId` | string | `''` | The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level. | - - -## Outputs +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The GUID of the Role Definition. | -| `resourceId` | string | The resource ID of the Role Definition. | -| `scope` | string | The scope this Role Definition applies to. | - -## Cross-referenced modules - -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.role-definition:1.0.0`. -## Deployment examples +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Rg.Common](#example-3-rgcommon) +- [Rg.Min](#example-4-rgmin) +- [Sub.Common](#example-5-subcommon) +- [Sub.Min](#example-6-submin) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Mg.Common

+### Example 1: _Mg.Common_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardmgcom' params: { // Required parameters @@ -140,14 +111,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardmgmin' params: { // Required parameters @@ -195,14 +166,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 3: Rg.Common

+### Example 3: _Rg.Common_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardrgcom' params: { // Required parameters @@ -290,14 +261,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 4: Rg.Min

+### Example 4: _Rg.Min_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardrgmin' params: { // Required parameters @@ -345,14 +316,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 5: Sub.Common

+### Example 5: _Sub.Common_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardsubcom' params: { // Required parameters @@ -440,14 +411,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 6: Sub.Min

+### Example 6: _Sub.Min_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardsubmin' params: { // Required parameters @@ -500,6 +471,126 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | List of allowed actions. | +| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. | +| [`dataActions`](#parameter-dataactions) | array | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| [`notActions`](#parameter-notactions) | array | List of denied actions. | +| [`notDataActions`](#parameter-notdataactions) | array | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the Resource Group where the Role Definition and Target Scope will be applied to. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level. | + +### Parameter: `actions` + +List of allowed actions. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `assignableScopes` + +Role definition assignable scopes. If not provided, will use the current scope provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dataActions` + +List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the custom RBAC role to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `notActions` + +List of denied actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notDataActions` + +List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceGroupName` + +The name of the Resource Group where the Role Definition and Target Scope will be applied to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleName` + +Name of the custom RBAC role to be created. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level. 
+- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The GUID of the Role Definition. | +| `resourceId` | string | The resource ID of the Role Definition. | +| `scope` | string | The scope this Role Definition applies to. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/role-definition/main.json b/modules/authorization/role-definition/main.json index cf31e78348..51ac23254d 100644 --- a/modules/authorization/role-definition/main.json +++ b/modules/authorization/role-definition/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18292113724809460809" + "version": "0.22.6.54827", + "templateHash": "16702773762135222765" }, "name": "Role Definitions (All scopes)", "description": "This module deploys a Role Definition at a Management Group, Subscription or Resource Group scope.", @@ -151,8 +151,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1388091612585738122" + "version": "0.22.6.54827", + "templateHash": "5277764931156995532" }, "name": "Role Definitions (Management Group scope)", "description": "This module deploys a Role Definition at a Management Group scope.", @@ -313,8 +313,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11994641933581262080" + "version": "0.22.6.54827", + "templateHash": "5911596219403447648" }, "name": "Role Definitions (Subscription scope)", "description": "This module deploys a Role Definition at a Subscription scope.", 
@@ -491,8 +491,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "51591651981484766" + "version": "0.22.6.54827", + "templateHash": "15123790149450958610" }, "name": "Role Definitions (Resource Group scope)", "description": "This module deploys a Role Definition at a Resource Group scope.", diff --git a/modules/authorization/role-definition/management-group/README.md b/modules/authorization/role-definition/management-group/README.md index 02a11b45bc..e892466ced 100644 --- a/modules/authorization/role-definition/management-group/README.md +++ b/modules/authorization/role-definition/management-group/README.md 
@@ -19,26 +19,81 @@ This module deploys a Role Definition at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `roleName` | string | Name of the custom RBAC role to be created. | +| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | List of allowed actions. | -| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. | -| `description` | string | `''` | Description of the custom RBAC role to be created. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | -| `notActions` | array | `[]` | List of denied actions. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | List of allowed actions. | +| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. | +| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. 
| +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| [`notActions`](#parameter-notactions) | array | List of denied actions. | + +### Parameter: `actions` + +List of allowed actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `assignableScopes` + +Role definition assignable scopes. If not provided, will use the current scope provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the custom RBAC role to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `notActions` + +List of denied actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleName` + +Name of the custom RBAC role to be created. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Definition. | | `resourceId` | string | The resource ID of the Role Definition. | diff --git a/modules/authorization/role-definition/management-group/main.json b/modules/authorization/role-definition/management-group/main.json index cc28a185f9..00d197b4e8 100644 --- a/modules/authorization/role-definition/management-group/main.json 
+++ b/modules/authorization/role-definition/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15321014984642305644" + "version": "0.22.6.54827", + "templateHash": "5277764931156995532" }, "name": "Role Definitions (Management Group scope)", "description": "This module deploys a Role Definition at a Management Group scope.", diff --git a/modules/authorization/role-definition/resource-group/README.md b/modules/authorization/role-definition/resource-group/README.md index 924c4eb112..1e5da9a0d7 100644 --- a/modules/authorization/role-definition/resource-group/README.md +++ b/modules/authorization/role-definition/resource-group/README.md 
@@ -19,28 +19,97 @@ This module deploys a Role Definition at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `roleName` | string | Name of the custom RBAC role to be created. | +| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | List of allowed actions. | -| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. | -| `dataActions` | array | `[]` | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `description` | string | `''` | Description of the custom RBAC role to be created. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `notActions` | array | `[]` | List of denied actions. | -| `notDataActions` | array | `[]` | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `resourceGroupName` | string | `[resourceGroup().name]` | The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | List of allowed actions. | +| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. 
| +| [`dataActions`](#parameter-dataactions) | array | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`notActions`](#parameter-notactions) | array | List of denied actions. | +| [`notDataActions`](#parameter-notdataactions) | array | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | + +### Parameter: `actions` + +List of allowed actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `assignableScopes` + +Role definition assignable scopes. If not provided, will use the current scope provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dataActions` + +List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the custom RBAC role to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `notActions` + +List of denied actions. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notDataActions` + +List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceGroupName` + +The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[resourceGroup().name]` + +### Parameter: `roleName` + +Name of the custom RBAC role to be created. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Definition. | | `resourceGroupName` | string | The name of the resource group the role definition was created at. | diff --git a/modules/authorization/role-definition/resource-group/main.json b/modules/authorization/role-definition/resource-group/main.json index 734ae5e18c..c10d685cc7 100644 --- a/modules/authorization/role-definition/resource-group/main.json +++ b/modules/authorization/role-definition/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13735806028928031798" + "version": "0.22.6.54827", + "templateHash": "15123790149450958610" }, "name": "Role Definitions (Resource Group scope)", "description": "This module deploys a Role Definition at a Resource Group scope.", diff --git a/modules/authorization/role-definition/subscription/README.md b/modules/authorization/role-definition/subscription/README.md index 3bbd9894b0..e0f96a3894 100644 
--- a/modules/authorization/role-definition/subscription/README.md +++ b/modules/authorization/role-definition/subscription/README.md 
@@ -19,28 +19,97 @@ This module deploys a Role Definition at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `roleName` | string | Name of the custom RBAC role to be created. | +| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | List of allowed actions. | -| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. | -| `dataActions` | array | `[]` | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `description` | string | `''` | Description of the custom RBAC role to be created. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `notActions` | array | `[]` | List of denied actions. | -| `notDataActions` | array | `[]` | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | List of allowed actions. | +| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. | +| [`dataActions`](#parameter-dataactions) | array | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. 
| +| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`notActions`](#parameter-notactions) | array | List of denied actions. | +| [`notDataActions`](#parameter-notdataactions) | array | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | + +### Parameter: `actions` + +List of allowed actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `assignableScopes` + +Role definition assignable scopes. If not provided, will use the current scope provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dataActions` + +List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the custom RBAC role to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `notActions` + +List of denied actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notDataActions` + +List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleName` + +Name of the custom RBAC role to be created. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Definition. | | `resourceId` | string | The resource ID of the Role Definition. | diff --git a/modules/authorization/role-definition/subscription/main.json b/modules/authorization/role-definition/subscription/main.json index 13af925166..ab79f1d69a 100644 --- a/modules/authorization/role-definition/subscription/main.json +++ b/modules/authorization/role-definition/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9532889033437004469" + "version": "0.22.6.54827", + "templateHash": "5911596219403447648" }, "name": "Role Definitions (Subscription scope)", "description": "This module deploys a Role Definition at a Subscription scope.", diff --git a/modules/automation/automation-account/.test/common/main.test.bicep b/modules/automation/automation-account/.test/common/main.test.bicep index 2efb5d1f6e..7bfe9ab16b 100644 --- a/modules/automation/automation-account/.test/common/main.test.bicep +++ b/modules/automation/automation-account/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // 
diff --git a/modules/automation/automation-account/.test/min/main.test.bicep b/modules/automation/automation-account/.test/min/main.test.bicep index 85372aede7..3156e8971b 100644 --- a/modules/automation/automation-account/.test/min/main.test.bicep +++ b/modules/automation/automation-account/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/automation/automation-account/README.md b/modules/automation/automation-account/README.md index 92619970e8..52e1318985 100644 --- a/modules/automation/automation-account/README.md +++ b/modules/automation/automation-account/README.md @@ -5,10 +5,10 @@ This module deploys an Azure Automation Account. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -29,90 +29,29 @@ This module deploys an Azure Automation Account. | `Microsoft.OperationalInsights/workspaces/linkedServices` | [2020-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/linkedServices) | | `Microsoft.OperationsManagement/solutions` | [2015-11-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Automation Account. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
| -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DscNodeStatus, JobLogs, JobStreams]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableLocalAuth` | bool | `True` | | Disable local authentication profile used within the resource. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `gallerySolutions` | array | `[]` | | List of gallerySolutions to be created in the linked log analytics workspace. | -| `jobSchedules` | array | `[]` | | List of jobSchedules to be created in the automation account. | -| `linkedWorkspaceResourceId` | string | `''` | | ID of the log analytics workspace to be linked to the deployed automation account. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `modules` | array | `[]` | | List of modules to be created in the automation account. 
| -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `runbooks` | array | `[]` | | List of runbooks to be created in the automation account. | -| `schedules` | array | `[]` | | List of schedules to be created in the automation account. | -| `skuName` | string | `'Basic'` | `[Basic, Free]` | SKU name of the account. | -| `softwareUpdateConfigurations` | array | `[]` | | List of softwareUpdateConfigurations to be created in the automation account. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the Automation Account resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `variables` | array | `[]` | | List of variables to be created in the automation account. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed automation account. | -| `resourceGroupName` | string | The resource group of the deployed automation account. 
| -| `resourceId` | string | The resource ID of the deployed automation account. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | -| `operational-insights/workspace/linked-service` | Local reference | -| `operations-management/solution` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/automation.automation-account:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module automationAccount './automation/automation-account/main.bicep' = { +module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-aacom' params: { // Required parameters @@ -548,14 +487,14 @@ module automationAccount './automation/automation-account/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module automationAccount './automation/automation-account/main.bicep' = { +module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-aaencr' params: { // Required parameters @@ -613,14 +552,17 @@ module automationAccount './automation/automation-account/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module automationAccount './automation/automation-account/main.bicep' = { +module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-aamin' params: { // Required parameters @@ -657,3 +599,294 @@ module automationAccount './automation/automation-account/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Automation Account. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. 
| +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Disable local authentication profile used within the resource. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`gallerySolutions`](#parameter-gallerysolutions) | array | List of gallerySolutions to be created in the linked log analytics workspace. | +| [`jobSchedules`](#parameter-jobschedules) | array | List of jobSchedules to be created in the automation account. | +| [`linkedWorkspaceResourceId`](#parameter-linkedworkspaceresourceid) | string | ID of the log analytics workspace to be linked to the deployed automation account. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`modules`](#parameter-modules) | array | List of modules to be created in the automation account. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`runbooks`](#parameter-runbooks) | array | List of runbooks to be created in the automation account. | +| [`schedules`](#parameter-schedules) | array | List of schedules to be created in the automation account. | +| [`skuName`](#parameter-skuname) | string | SKU name of the account. | +| [`softwareUpdateConfigurations`](#parameter-softwareupdateconfigurations) | array | List of softwareUpdateConfigurations to be created in the automation account. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the Automation Account resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`variables`](#parameter-variables) | array | List of variables to be created in the automation account. | + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DscNodeStatus, JobLogs, JobStreams]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +Disable local authentication profile used within the resource. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `gallerySolutions` + +List of gallerySolutions to be created in the linked log analytics workspace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `jobSchedules` + +List of jobSchedules to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `linkedWorkspaceResourceId` + +ID of the log analytics workspace to be linked to the deployed automation account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `modules` + +List of modules to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +Name of the Automation Account. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `runbooks` + +List of runbooks to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `schedules` + +List of schedules to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +SKU name of the account. +- Required: No +- Type: string +- Default: `'Basic'` +- Allowed: `[Basic, Free]` + +### Parameter: `softwareUpdateConfigurations` + +List of softwareUpdateConfigurations to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the Automation Account resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `variables` + +List of variables to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed automation account. | +| `resourceGroupName` | string | The resource group of the deployed automation account. | +| `resourceId` | string | The resource ID of the deployed automation account. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. 
| + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | +| `modules/operational-insights/workspace/linked-service` | Local reference | +| `modules/operations-management/solution` | Local reference | diff --git a/modules/automation/automation-account/job-schedule/README.md b/modules/automation/automation-account/job-schedule/README.md index d5f88fc047..57460c8123 100644 --- a/modules/automation/automation-account/job-schedule/README.md +++ b/modules/automation/automation-account/job-schedule/README.md 
@@ -19,35 +19,81 @@ This module deploys an Azure Automation Account Job Schedule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `runbookName` | string | The runbook property associated with the entity. | -| `scheduleName` | string | The schedule property associated with the entity. | +| [`runbookName`](#parameter-runbookname) | string | The runbook property associated with the entity. | +| [`scheduleName`](#parameter-schedulename) | string | The schedule property associated with the entity. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `parameters` | object | `{object}` | List of job properties. | -| `runOn` | string | `''` | The hybrid worker group that the scheduled job should run on. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`parameters`](#parameter-parameters) | object | List of job properties. | +| [`runOn`](#parameter-runon) | string | The hybrid worker group that the scheduled job should run on. | **Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | `[newGuid()]` | Name of the Automation Account job schedule. Must be a GUID and is autogenerated. 
No need to provide this value. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Automation Account job schedule. Must be a GUID and is autogenerated. No need to provide this value. | + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the Automation Account job schedule. Must be a GUID and is autogenerated. No need to provide this value. +- Required: No +- Type: string +- Default: `[newGuid()]` + +### Parameter: `parameters` + +List of job properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `runbookName` + +The runbook property associated with the entity. +- Required: Yes +- Type: string + +### Parameter: `runOn` + +The hybrid worker group that the scheduled job should run on. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `scheduleName` + +The schedule property associated with the entity. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed job schedule. | | `resourceGroupName` | string | The resource group of the deployed job schedule. | diff --git a/modules/automation/automation-account/job-schedule/main.json b/modules/automation/automation-account/job-schedule/main.json index 5fee90a026..bb8ec2e35b 100644 --- a/modules/automation/automation-account/job-schedule/main.json +++ b/modules/automation/automation-account/job-schedule/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12038142052110102548" + "version": "0.22.6.54827", + "templateHash": "7560418296837405700" }, "name": "Automation Account Job Schedules", "description": "This module deploys an Azure Automation Account Job Schedule.", diff --git a/modules/automation/automation-account/main.json b/modules/automation/automation-account/main.json index 413b25d49a..e99ac28588 100644 --- a/modules/automation/automation-account/main.json +++ b/modules/automation/automation-account/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "715583337826412599" + "version": "0.22.6.54827", + "templateHash": "14616774767362362836" }, "name": "Automation Accounts", "description": "This module deploys an Azure Automation Account.", @@ -387,8 +387,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6993581259043167782" + "version": "0.22.6.54827", + "templateHash": "15709477569881004771" }, "name": "Automation Account Modules", "description": "This module deploys an Azure Automation Account Module.", @@ -544,8 +544,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14615504958276169101" + "version": "0.22.6.54827", + "templateHash": "4119330639685982378" }, "name": "Automation Account Schedules", "description": "This module deploys an Azure Automation Account Schedule.", @@ -740,8 +740,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14475542689236047442" + "version": "0.22.6.54827", + "templateHash": "18248893160569507204" }, "name": "Automation Account Runbooks", "description": "This module deploys an Azure Automation Account Runbook.", 
@@ -945,8 +945,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12703294720660038691" + "version": "0.22.6.54827", + "templateHash": "7560418296837405700" }, "name": "Automation Account Job Schedules", "description": "This module deploys an Azure Automation Account Job Schedule.", @@ -1097,8 +1097,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10724020478275741370" + "version": "0.22.6.54827", + "templateHash": "17400819380217562013" }, "name": "Automation Account Variables", "description": "This module deploys an Azure Automation Account Variable.", @@ -1235,8 +1235,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7090165993767697446" + "version": "0.22.6.54827", + "templateHash": "15022791045507209174" }, "name": "Log Analytics Workspace Linked Services", "description": "This module deploys a Log Analytics Workspace Linked Service.", @@ -1377,8 +1377,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9052763253522380709" + "version": "0.22.6.54827", + "templateHash": "2318608107759137473" }, "name": "Operations Management Solutions", "description": "This module deploys an Operations Management Solution.", @@ -1563,8 +1563,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17973053005173772952" + "version": "0.22.6.54827", + "templateHash": "10775503419002427646" }, "name": "Automation Account Software Update Configurations", "description": "This module deploys an Azure Automation Account Software Update Configuration.", @@ -2035,8 +2035,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", 
@@ -2235,8 +2235,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2373,8 +2373,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -2587,8 +2587,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10676519467876912979" + "version": "0.22.6.54827", + "templateHash": "10195514445399502357" } }, "parameters": { diff --git a/modules/automation/automation-account/module/README.md b/modules/automation/automation-account/module/README.md index 21ea5e81c4..bba5a2892b 100644 --- a/modules/automation/automation-account/module/README.md +++ b/modules/automation/automation-account/module/README.md 
@@ -19,30 +19,76 @@ This module deploys an Azure Automation Account Module. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the Automation Account module. | -| `uri` | string | Module package URI, e.g. https://www.powershellgallery.com/api/v2/package. | +| [`name`](#parameter-name) | string | Name of the Automation Account module. | +| [`uri`](#parameter-uri) | string | Module package URI, e.g. https://www.powershellgallery.com/api/v2/package. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `tags` | object | `{object}` | Tags of the Automation Account resource. | -| `version` | string | `'latest'` | Module version or specify latest to get the latest version. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`tags`](#parameter-tags) | object | Tags of the Automation Account resource. | +| [`version`](#parameter-version) | string | Module version or specify latest to get the latest version. 
| + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the Automation Account module. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the Automation Account resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `uri` + +Module package URI, e.g. https://www.powershellgallery.com/api/v2/package. +- Required: Yes +- Type: string + +### Parameter: `version` + +Module version or specify latest to get the latest version. +- Required: No +- Type: string +- Default: `'latest'` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed module. | diff --git a/modules/automation/automation-account/module/main.json b/modules/automation/automation-account/module/main.json index 92e1b857bf..bf3c18c30b 100644 --- a/modules/automation/automation-account/module/main.json +++ b/modules/automation/automation-account/module/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12776439865232935886" + "version": "0.22.6.54827", + "templateHash": "15709477569881004771" }, "name": "Automation Account Modules", "description": "This module deploys an Azure Automation Account Module.", diff --git a/modules/automation/automation-account/runbook/README.md b/modules/automation/automation-account/runbook/README.md index 5712d4182b..8cb4f7f0c8 100644 
--- a/modules/automation/automation-account/runbook/README.md +++ b/modules/automation/automation-account/runbook/README.md 
@@ -19,40 +19,122 @@ This module deploys an Azure Automation Account Runbook. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | Name of the Automation Account runbook. | -| `type` | string | `[Graph, GraphPowerShell, GraphPowerShellWorkflow, PowerShell, PowerShellWorkflow]` | The type of the runbook. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Automation Account runbook. | +| [`type`](#parameter-type) | string | The type of the runbook. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description of the runbook. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `sasTokenValidityLength` | string | `'PT8H'` | SAS token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | -| `scriptStorageAccountId` | string | `''` | ID of the runbook storage account. | -| `tags` | object | `{object}` | Tags of the Automation Account resource. | -| `uri` | string | `''` | The uri of the runbook content. | -| `version` | string | `''` | The version of the runbook content. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description of the runbook. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`sasTokenValidityLength`](#parameter-sastokenvaliditylength) | string | SAS token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | +| [`scriptStorageAccountId`](#parameter-scriptstorageaccountid) | string | ID of the runbook storage account. | +| [`tags`](#parameter-tags) | object | Tags of the Automation Account resource. | +| [`uri`](#parameter-uri) | string | The uri of the runbook content. | +| [`version`](#parameter-version) | string | The version of the runbook content. | **Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Time used as a basis for e.g. the schedule start date. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Time used as a basis for e.g. the schedule start date. | + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `baseTime` + +Time used as a basis for e.g. the schedule start date. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `description` + +The description of the runbook. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the Automation Account runbook. +- Required: Yes +- Type: string + +### Parameter: `sasTokenValidityLength` + +SAS token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. +- Required: No +- Type: string +- Default: `'PT8H'` + +### Parameter: `scriptStorageAccountId` + +ID of the runbook storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the Automation Account resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `type` + +The type of the runbook. +- Required: Yes +- Type: string +- Allowed: `[Graph, GraphPowerShell, GraphPowerShellWorkflow, PowerShell, PowerShellWorkflow]` + +### Parameter: `uri` + +The uri of the runbook content. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `version` + +The version of the runbook content. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed runbook. | diff --git a/modules/automation/automation-account/runbook/main.json b/modules/automation/automation-account/runbook/main.json index 21cabe276d..3a2f126c75 100644 --- a/modules/automation/automation-account/runbook/main.json +++ b/modules/automation/automation-account/runbook/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "123190998372280958" + "version": "0.22.6.54827", + "templateHash": "18248893160569507204" }, "name": "Automation Account Runbooks", "description": "This module deploys an Azure Automation Account Runbook.", 
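Review bot: in `runbook/README.md`, the generated section for `automationAccountName` states `- Required: Yes`, although the parameter is still listed under **Conditional parameters** and its description says it is required only if the template is used in a standalone deployment. The `module` README earlier in this patch shows the same pattern. Suggest having the generator emit a conditional marker for this category instead of an unconditional `Yes`, so a reader who follows the `#parameter-automationaccountname` link directly does not lose the condition.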
diff --git a/modules/automation/automation-account/schedule/README.md b/modules/automation/automation-account/schedule/README.md index c337d0a7a1..df92b24d03 100644 --- a/modules/automation/automation-account/schedule/README.md +++ b/modules/automation/automation-account/schedule/README.md 
@@ -19,39 +19,115 @@ This module deploys an Azure Automation Account Schedule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the Automation Account schedule. | +| [`name`](#parameter-name) | string | Name of the Automation Account schedule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `advancedSchedule` | object | `{object}` | | The properties of the create Advanced Schedule. | -| `description` | string | `''` | | The description of the schedule. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `expiryTime` | string | `''` | | The end time of the schedule. | -| `frequency` | string | `'OneTime'` | `[Day, Hour, Minute, Month, OneTime, Week]` | The frequency of the schedule. | -| `interval` | int | `0` | | Anything. | -| `startTime` | string | `''` | | The start time of the schedule. | -| `timeZone` | string | `''` | | The time zone of the schedule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`advancedSchedule`](#parameter-advancedschedule) | object | The properties of the create Advanced Schedule. | +| [`description`](#parameter-description) | string | The description of the schedule. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`expiryTime`](#parameter-expirytime) | string | The end time of the schedule. | +| [`frequency`](#parameter-frequency) | string | The frequency of the schedule. | +| [`interval`](#parameter-interval) | int | Anything. | +| [`startTime`](#parameter-starttime) | string | The start time of the schedule. | +| [`timeZone`](#parameter-timezone) | string | The time zone of the schedule. | **Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Time used as a basis for e.g. the schedule start date. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Time used as a basis for e.g. the schedule start date. | + +### Parameter: `advancedSchedule` + +The properties of the create Advanced Schedule. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `baseTime` + +Time used as a basis for e.g. the schedule start date. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `description` + +The description of the schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `expiryTime` + +The end time of the schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `frequency` + +The frequency of the schedule. +- Required: No +- Type: string +- Default: `'OneTime'` +- Allowed: `[Day, Hour, Minute, Month, OneTime, Week]` + +### Parameter: `interval` + +Anything. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `name` + +Name of the Automation Account schedule. 
+- Required: Yes +- Type: string + +### Parameter: `startTime` + +The start time of the schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `timeZone` + +The time zone of the schedule. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed schedule. | | `resourceGroupName` | string | The resource group of the deployed schedule. | diff --git a/modules/automation/automation-account/schedule/main.json b/modules/automation/automation-account/schedule/main.json index b76ec06a61..4183686e3a 100644 --- a/modules/automation/automation-account/schedule/main.json +++ b/modules/automation/automation-account/schedule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5807574740331814274" + "version": "0.22.6.54827", + "templateHash": "4119330639685982378" }, "name": "Automation Account Schedules", "description": "This module deploys an Azure Automation Account Schedule.", diff --git a/modules/automation/automation-account/software-update-configuration/README.md b/modules/automation/automation-account/software-update-configuration/README.md index 4504591720..97acf050e6 100644 --- a/modules/automation/automation-account/software-update-configuration/README.md +++ b/modules/automation/automation-account/software-update-configuration/README.md 
@@ -20,62 +20,302 @@ This module deploys an Azure Automation Account Software Update Configuration. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `frequency` | string | `[Day, Hour, Month, OneTime, Week]` | The frequency of the deployment schedule. When using 'Hour', 'Day', 'Week' or 'Month', an interval needs to be provided. | -| `name` | string | | The name of the Deployment schedule. | -| `operatingSystem` | string | `[Linux, Windows]` | The operating system to be configured by the deployment schedule. | -| `rebootSetting` | string | `[Always, IfRequired, Never, RebootOnly]` | Reboot setting for the deployment schedule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`frequency`](#parameter-frequency) | string | The frequency of the deployment schedule. When using 'Hour', 'Day', 'Week' or 'Month', an interval needs to be provided. | +| [`name`](#parameter-name) | string | The name of the Deployment schedule. | +| [`operatingSystem`](#parameter-operatingsystem) | string | The operating system to be configured by the deployment schedule. | +| [`rebootSetting`](#parameter-rebootsetting) | string | Reboot setting for the deployment schedule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `azureVirtualMachines` | array | `[]` | | List of azure resource IDs for azure virtual machines in scope for the deployment schedule. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `excludeUpdates` | array | `[]` | | KB numbers or Linux packages excluded in the deployment schedule. | -| `expiryTime` | string | `''` | | The end time of the deployment schedule in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. | -| `expiryTimeOffsetMinutes` | int | `0` | | The expiry time's offset in minutes. | -| `includeUpdates` | array | `[]` | | KB numbers or Linux packages included in the deployment schedule. | -| `interval` | int | `1` | | The interval of the frequency for the deployment schedule. 1 Hour is every hour, 2 Day is every second day, etc. | -| `isEnabled` | bool | `True` | | Enables the deployment schedule. | -| `maintenanceWindow` | string | `'PT2H'` | | Maximum time allowed for the deployment schedule to run. Duration needs to be specified using the format PT[n]H[n]M[n]S as per ISO8601. | -| `monthDays` | array | `[]` | `[1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]` | Can be used with frequency 'Month'. Provides the specific days of the month to run the deployment schedule. | -| `monthlyOccurrences` | array | `[]` | | Can be used with frequency 'Month'. Provides the pattern/cadence for running the deployment schedule in a month. Takes objects formed like this {occurance(int),day(string)}. Day is the name of the day to run the deployment schedule, the occurance specifies which occurance of that day to run the deployment schedule. | -| `nextRun` | string | `''` | | The next time the deployment schedule runs in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. | -| `nextRunOffsetMinutes` | int | `0` | | The next run's offset in minutes. | -| `nonAzureComputerNames` | array | `[]` | | List of names of non-azure machines in scope for the deployment schedule. 
| -| `nonAzureQueries` | array | `[]` | | Array of functions from a Log Analytics workspace, used to scope the deployment schedule. | -| `postTaskParameters` | object | `{object}` | | Parameters provided to the task running after the deployment schedule. | -| `postTaskSource` | string | `''` | | The source of the task running after the deployment schedule. | -| `preTaskParameters` | object | `{object}` | | Parameters provided to the task running before the deployment schedule. | -| `preTaskSource` | string | `''` | | The source of the task running before the deployment schedule. | -| `scheduleDescription` | string | `''` | | The schedules description. | -| `scopeByLocations` | array | `[]` | | Specify locations to which to scope the deployment schedule to. | -| `scopeByResources` | array | `[[subscription().id]]` | | Specify the resources to scope the deployment schedule to. | -| `scopeByTags` | object | `{object}` | | Specify tags to which to scope the deployment schedule to. | -| `scopeByTagsOperation` | string | `'All'` | `[All, Any]` | Enables the scopeByTags to require All (Tag A and Tag B) or Any (Tag A or Tag B). | -| `startTime` | string | `''` | | The start time of the deployment schedule in ISO 8601 format. To specify a specific time use YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. For schedules where we want to start the deployment as soon as possible, specify the time segment only in 24 hour format, HH:MM, 22:00. | -| `timeZone` | string | `'UTC'` | | Time zone for the deployment schedule. IANA ID or a Windows Time Zone ID. | -| `updateClassifications` | array | `[Critical, Security]` | `[Critical, Definition, FeaturePack, Other, Security, ServicePack, Tools, UpdateRollup, Updates]` | Update classification included in the deployment schedule. | -| `weekDays` | array | `[]` | `[Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday]` | Required when used with frequency 'Week'. Specified the day of the week to run the deployment schedule. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`azureVirtualMachines`](#parameter-azurevirtualmachines) | array | List of azure resource IDs for azure virtual machines in scope for the deployment schedule. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`excludeUpdates`](#parameter-excludeupdates) | array | KB numbers or Linux packages excluded in the deployment schedule. | +| [`expiryTime`](#parameter-expirytime) | string | The end time of the deployment schedule in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. | +| [`expiryTimeOffsetMinutes`](#parameter-expirytimeoffsetminutes) | int | The expiry time's offset in minutes. | +| [`includeUpdates`](#parameter-includeupdates) | array | KB numbers or Linux packages included in the deployment schedule. | +| [`interval`](#parameter-interval) | int | The interval of the frequency for the deployment schedule. 1 Hour is every hour, 2 Day is every second day, etc. | +| [`isEnabled`](#parameter-isenabled) | bool | Enables the deployment schedule. | +| [`maintenanceWindow`](#parameter-maintenancewindow) | string | Maximum time allowed for the deployment schedule to run. Duration needs to be specified using the format PT[n]H[n]M[n]S as per ISO8601. | +| [`monthDays`](#parameter-monthdays) | array | Can be used with frequency 'Month'. Provides the specific days of the month to run the deployment schedule. | +| [`monthlyOccurrences`](#parameter-monthlyoccurrences) | array | Can be used with frequency 'Month'. Provides the pattern/cadence for running the deployment schedule in a month. Takes objects formed like this {occurance(int),day(string)}. Day is the name of the day to run the deployment schedule, the occurance specifies which occurance of that day to run the deployment schedule. | +| [`nextRun`](#parameter-nextrun) | string | The next time the deployment schedule runs in ISO 8601 format. 
YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. | +| [`nextRunOffsetMinutes`](#parameter-nextrunoffsetminutes) | int | The next run's offset in minutes. | +| [`nonAzureComputerNames`](#parameter-nonazurecomputernames) | array | List of names of non-azure machines in scope for the deployment schedule. | +| [`nonAzureQueries`](#parameter-nonazurequeries) | array | Array of functions from a Log Analytics workspace, used to scope the deployment schedule. | +| [`postTaskParameters`](#parameter-posttaskparameters) | object | Parameters provided to the task running after the deployment schedule. | +| [`postTaskSource`](#parameter-posttasksource) | string | The source of the task running after the deployment schedule. | +| [`preTaskParameters`](#parameter-pretaskparameters) | object | Parameters provided to the task running before the deployment schedule. | +| [`preTaskSource`](#parameter-pretasksource) | string | The source of the task running before the deployment schedule. | +| [`scheduleDescription`](#parameter-scheduledescription) | string | The schedules description. | +| [`scopeByLocations`](#parameter-scopebylocations) | array | Specify locations to which to scope the deployment schedule to. | +| [`scopeByResources`](#parameter-scopebyresources) | array | Specify the resources to scope the deployment schedule to. | +| [`scopeByTags`](#parameter-scopebytags) | object | Specify tags to which to scope the deployment schedule to. | +| [`scopeByTagsOperation`](#parameter-scopebytagsoperation) | string | Enables the scopeByTags to require All (Tag A and Tag B) or Any (Tag A or Tag B). | +| [`startTime`](#parameter-starttime) | string | The start time of the deployment schedule in ISO 8601 format. To specify a specific time use YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. For schedules where we want to start the deployment as soon as possible, specify the time segment only in 24 hour format, HH:MM, 22:00. 
| +| [`timeZone`](#parameter-timezone) | string | Time zone for the deployment schedule. IANA ID or a Windows Time Zone ID. | +| [`updateClassifications`](#parameter-updateclassifications) | array | Update classification included in the deployment schedule. | +| [`weekDays`](#parameter-weekdays) | array | Required when used with frequency 'Week'. Specified the day of the week to run the deployment schedule. | **Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Do not touch. Is used to provide the base time for time comparison for startTime. If startTime is specified in HH:MM format, baseTime is used to check if the provided startTime has passed, adding one day before setting the deployment schedule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Do not touch. Is used to provide the base time for time comparison for startTime. If startTime is specified in HH:MM format, baseTime is used to check if the provided startTime has passed, adding one day before setting the deployment schedule. | + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `azureVirtualMachines` + +List of azure resource IDs for azure virtual machines in scope for the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `baseTime` + +Do not touch. Is used to provide the base time for time comparison for startTime. If startTime is specified in HH:MM format, baseTime is used to check if the provided startTime has passed, adding one day before setting the deployment schedule. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `excludeUpdates` + +KB numbers or Linux packages excluded in the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `expiryTime` + +The end time of the deployment schedule in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `expiryTimeOffsetMinutes` + +The expiry time's offset in minutes. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `frequency` + +The frequency of the deployment schedule. When using 'Hour', 'Day', 'Week' or 'Month', an interval needs to be provided. +- Required: Yes +- Type: string +- Allowed: `[Day, Hour, Month, OneTime, Week]` + +### Parameter: `includeUpdates` + +KB numbers or Linux packages included in the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `interval` + +The interval of the frequency for the deployment schedule. 1 Hour is every hour, 2 Day is every second day, etc. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `isEnabled` + +Enables the deployment schedule. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `maintenanceWindow` + +Maximum time allowed for the deployment schedule to run. Duration needs to be specified using the format PT[n]H[n]M[n]S as per ISO8601. +- Required: No +- Type: string +- Default: `'PT2H'` + +### Parameter: `monthDays` + +Can be used with frequency 'Month'. Provides the specific days of the month to run the deployment schedule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]` + +### Parameter: `monthlyOccurrences` + +Can be used with frequency 'Month'. Provides the pattern/cadence for running the deployment schedule in a month. Takes objects formed like this {occurance(int),day(string)}. 
Day is the name of the day to run the deployment schedule, the occurance specifies which occurance of that day to run the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The name of the Deployment schedule. +- Required: Yes +- Type: string + +### Parameter: `nextRun` + +The next time the deployment schedule runs in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `nextRunOffsetMinutes` + +The next run's offset in minutes. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `nonAzureComputerNames` + +List of names of non-azure machines in scope for the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `nonAzureQueries` + +Array of functions from a Log Analytics workspace, used to scope the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `operatingSystem` + +The operating system to be configured by the deployment schedule. +- Required: Yes +- Type: string +- Allowed: `[Linux, Windows]` + +### Parameter: `postTaskParameters` + +Parameters provided to the task running after the deployment schedule. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `postTaskSource` + +The source of the task running after the deployment schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `preTaskParameters` + +Parameters provided to the task running before the deployment schedule. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `preTaskSource` + +The source of the task running before the deployment schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `rebootSetting` + +Reboot setting for the deployment schedule. +- Required: Yes +- Type: string +- Allowed: `[Always, IfRequired, Never, RebootOnly]` + +### Parameter: `scheduleDescription` + +The schedules description. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `scopeByLocations` + +Specify locations to which to scope the deployment schedule to. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scopeByResources` + +Specify the resources to scope the deployment schedule to. +- Required: No +- Type: array +- Default: `[[subscription().id]]` + +### Parameter: `scopeByTags` + +Specify tags to which to scope the deployment schedule to. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `scopeByTagsOperation` + +Enables the scopeByTags to require All (Tag A and Tag B) or Any (Tag A or Tag B). +- Required: No +- Type: string +- Default: `'All'` +- Allowed: `[All, Any]` + +### Parameter: `startTime` + +The start time of the deployment schedule in ISO 8601 format. To specify a specific time use YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. For schedules where we want to start the deployment as soon as possible, specify the time segment only in 24 hour format, HH:MM, 22:00. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `timeZone` + +Time zone for the deployment schedule. IANA ID or a Windows Time Zone ID. +- Required: No +- Type: string +- Default: `'UTC'` + +### Parameter: `updateClassifications` + +Update classification included in the deployment schedule. +- Required: No +- Type: array +- Default: `[Critical, Security]` +- Allowed: `[Critical, Definition, FeaturePack, Other, Security, ServicePack, Tools, UpdateRollup, Updates]` + +### Parameter: `weekDays` + +Required when used with frequency 'Week'. Specified the day of the week to run the deployment schedule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed softwareUpdateConfiguration. 
| | `resourceGroupName` | string | The resource group of the deployed softwareUpdateConfiguration. | diff --git a/modules/automation/automation-account/software-update-configuration/main.json b/modules/automation/automation-account/software-update-configuration/main.json index f4305ddbf8..14b2d33ac1 100644 --- a/modules/automation/automation-account/software-update-configuration/main.json +++ b/modules/automation/automation-account/software-update-configuration/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11844327136869535634" + "version": "0.22.6.54827", + "templateHash": "10775503419002427646" }, "name": "Automation Account Software Update Configurations", "description": "This module deploys an Azure Automation Account Software Update Configuration.", diff --git a/modules/automation/automation-account/variable/README.md b/modules/automation/automation-account/variable/README.md index a3356c0f6a..99ec5a4985 100644 --- a/modules/automation/automation-account/variable/README.md +++ b/modules/automation/automation-account/variable/README.md 
@@ -20,29 +20,68 @@ This module deploys an Azure Automation Account Variable. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the variable. | -| `value` | securestring | The value of the variable. For security best practices, this value is always passed as a secure string as it could contain an encrypted value when the "isEncrypted" property is set to true. | +| [`name`](#parameter-name) | string | The name of the variable. | +| [`value`](#parameter-value) | securestring | The value of the variable. For security best practices, this value is always passed as a secure string as it could contain an encrypted value when the "isEncrypted" property is set to true. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description of the variable. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `isEncrypted` | bool | `True` | If the variable should be encrypted. For security reasons encryption of variables should be enabled. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description of the variable. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`isEncrypted`](#parameter-isencrypted) | bool | If the variable should be encrypted. For security reasons encryption of variables should be enabled. | + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `description` + +The description of the variable. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `isEncrypted` + +If the variable should be encrypted. For security reasons encryption of variables should be enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the variable. +- Required: Yes +- Type: string + +### Parameter: `value` + +The value of the variable. For security best practices, this value is always passed as a secure string as it could contain an encrypted value when the "isEncrypted" property is set to true. +- Required: Yes +- Type: securestring ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed variable. | | `resourceGroupName` | string | The resource group of the deployed variable. | diff --git a/modules/automation/automation-account/variable/main.json b/modules/automation/automation-account/variable/main.json index e0ffc7ec3a..333cb278b4 100644 --- a/modules/automation/automation-account/variable/main.json +++ b/modules/automation/automation-account/variable/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17684191295648041474" + "version": "0.22.6.54827", + "templateHash": "17400819380217562013" }, "name": "Automation Account Variables", "description": "This module deploys an Azure Automation Account Variable.", 
diff --git a/modules/batch/batch-account/.test/common/main.test.bicep b/modules/batch/batch-account/.test/common/main.test.bicep index d90c14f14e..b81a0e4036 100644 --- a/modules/batch/batch-account/.test/common/main.test.bicep +++ b/modules/batch/batch-account/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/batch/batch-account/.test/min/main.test.bicep b/modules/batch/batch-account/.test/min/main.test.bicep index c92b18d8ab..8d213101ab 100644 --- a/modules/batch/batch-account/.test/min/main.test.bicep +++ b/modules/batch/batch-account/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/batch/batch-account/README.md b/modules/batch/batch-account/README.md index cf3dd26a6c..17cd685691 100644 --- a/modules/batch/batch-account/README.md +++ b/modules/batch/batch-account/README.md @@ -4,13 +4,13 @@ This module deploys a Batch Account. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -21,83 +21,29 @@ This module deploys a Batch Account. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Batch. | -| `storageAccountId` | string | The resource ID of the storage account to be used for auto-storage account. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `keyVaultReferenceResourceId` | string | `''` | The key vault to associate with the Batch account. Required if the 'poolAllocationMode' is set to 'UserSubscription' and requires the service principal 'Microsoft Azure Batch' to be granted contributor permissions on this key vault. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowedAuthenticationModes` | array | `[]` | `[AAD, SharedKey, TaskAuthenticationToken]` | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
| -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ServiceLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `networkProfileAllowedIpRanges` | array | `[]` | | Array of IP ranges to filter client IP address. It is only applicable when publicNetworkAccess is not explicitly disabled. | -| `networkProfileDefaultAction` | string | `'Deny'` | `[Allow, Deny]` | The network profile default action for endpoint access. It is only applicable when publicNetworkAccess is not explicitly disabled. | -| `poolAllocationMode` | string | `'BatchService'` | `[BatchService, UserSubscription]` | The allocation mode for creating pools in the Batch account. Determines which quota will be used. 
| -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkProfileAllowedIpRanges are not set. | -| `storageAccessIdentity` | string | `''` | | The resource ID of a user assigned identity assigned to pools which have compute nodes that need access to auto-storage. | -| `storageAuthenticationMode` | string | `'StorageKeys'` | `[BatchAccountManagedIdentity, StorageKeys]` | The authentication mode which the Batch service will use to manage the auto-storage account. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the batch account. | -| `resourceGroupName` | string | The resource group the batch account was deployed into. | -| `resourceId` | string | The resource ID of the batch account. 
| - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/batch.batch-account:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module batchAccount './batch/batch-account/main.bicep' = { +module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-bbacom' params: { // Required parameters @@ -239,14 +185,14 @@ module batchAccount './batch/batch-account/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module batchAccount './batch/batch-account/main.bicep' = { +module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-bbaencr' params: { // Required parameters @@ -362,14 +308,17 @@ module batchAccount './batch/batch-account/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module batchAccount './batch/batch-account/main.bicep' = { +module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-bbamin' params: { // Required parameters @@ -410,3 +359,261 @@ module batchAccount './batch/batch-account/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Azure Batch. | +| [`storageAccountId`](#parameter-storageaccountid) | string | The resource ID of the storage account to be used for auto-storage account. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`keyVaultReferenceResourceId`](#parameter-keyvaultreferenceresourceid) | string | The key vault to associate with the Batch account. Required if the 'poolAllocationMode' is set to 'UserSubscription' and requires the service principal 'Microsoft Azure Batch' to be granted contributor permissions on this key vault. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowedAuthenticationModes`](#parameter-allowedauthenticationmodes) | array | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`networkProfileAllowedIpRanges`](#parameter-networkprofileallowedipranges) | array | Array of IP ranges to filter client IP address. It is only applicable when publicNetworkAccess is not explicitly disabled. | +| [`networkProfileDefaultAction`](#parameter-networkprofiledefaultaction) | string | The network profile default action for endpoint access. It is only applicable when publicNetworkAccess is not explicitly disabled. | +| [`poolAllocationMode`](#parameter-poolallocationmode) | string | The allocation mode for creating pools in the Batch account. Determines which quota will be used. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. 
| +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkProfileAllowedIpRanges are not set. | +| [`storageAccessIdentity`](#parameter-storageaccessidentity) | string | The resource ID of a user assigned identity assigned to pools which have compute nodes that need access to auto-storage. | +| [`storageAuthenticationMode`](#parameter-storageauthenticationmode) | string | The authentication mode which the Batch service will use to manage the auto-storage account. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `allowedAuthenticationModes` + +List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[AAD, SharedKey, TaskAuthenticationToken]` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ServiceLog]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keyVaultReferenceResourceId` + +The key vault to associate with the Batch account. Required if the 'poolAllocationMode' is set to 'UserSubscription' and requires the service principal 'Microsoft Azure Batch' to be granted contributor permissions on this key vault. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Azure Batch. +- Required: Yes +- Type: string + +### Parameter: `networkProfileAllowedIpRanges` + +Array of IP ranges to filter client IP address. It is only applicable when publicNetworkAccess is not explicitly disabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `networkProfileDefaultAction` + +The network profile default action for endpoint access. It is only applicable when publicNetworkAccess is not explicitly disabled. +- Required: No +- Type: string +- Default: `'Deny'` +- Allowed: `[Allow, Deny]` + +### Parameter: `poolAllocationMode` + +The allocation mode for creating pools in the Batch account. Determines which quota will be used. +- Required: No +- Type: string +- Default: `'BatchService'` +- Allowed: `[BatchService, UserSubscription]` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkProfileAllowedIpRanges are not set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `storageAccessIdentity` + +The resource ID of a user assigned identity assigned to pools which have compute nodes that need access to auto-storage. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageAccountId` + +The resource ID of the storage account to be used for auto-storage account. +- Required: Yes +- Type: string + +### Parameter: `storageAuthenticationMode` + +The authentication mode which the Batch service will use to manage the auto-storage account. +- Required: No +- Type: string +- Default: `'StorageKeys'` +- Allowed: `[BatchAccountManagedIdentity, StorageKeys]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the batch account. | +| `resourceGroupName` | string | The resource group the batch account was deployed into. | +| `resourceId` | string | The resource ID of the batch account. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/batch/batch-account/main.json b/modules/batch/batch-account/main.json index a114631351..0253e6c50b 100644 --- a/modules/batch/batch-account/main.json +++ b/modules/batch/batch-account/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8956575251332566079" + "version": "0.22.6.54827", + "templateHash": "12201052807403978225" }, "name": "Batch Accounts", "description": "This module deploys a Batch Account.", @@ -391,8 +391,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -591,8 +591,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -729,8 +729,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/cache/redis-enterprise/.test/common/main.test.bicep b/modules/cache/redis-enterprise/.test/common/main.test.bicep index fe85adb34b..70adc46f2c 100644 --- a/modules/cache/redis-enterprise/.test/common/main.test.bicep +++ b/modules/cache/redis-enterprise/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/cache/redis-enterprise/.test/min/main.test.bicep b/modules/cache/redis-enterprise/.test/min/main.test.bicep index dfe3f24c13..19ab84407e 100644 --- a/modules/cache/redis-enterprise/.test/min/main.test.bicep +++ b/modules/cache/redis-enterprise/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/cache/redis-enterprise/README.md b/modules/cache/redis-enterprise/README.md index 4421956599..79e8069cff 100644 --- a/modules/cache/redis-enterprise/README.md +++ b/modules/cache/redis-enterprise/README.md @@ -5,10 +5,10 @@ This module deploys a Redis Cache Enterprise. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -22,71 +22,29 @@ This module deploys a Redis Cache Enterprise. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Redis Cache Enterprise resource. | - -**Optional parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `capacity` | int | `2` | | The size of the Redis Enterprise Cluster. Defaults to 2. Valid values are (2, 4, 6, ...) for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs. | -| `databases` | array | `[]` | | The databases to create in the Redis Cache Enterprise Cluster. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[]` | `['', audit, ConnectionEvents]` | The name of logs that will be streamed. 
"allLogs" includes all possible logs for the resource, but currently not supported for Redis Cache Enterprise. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | The geo-location where the resource lives. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Requires clients to use a specified TLS version (or higher) to connect. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| -| `skuName` | string | `'Enterprise_E10'` | `[Enterprise_E10, Enterprise_E100, Enterprise_E20, Enterprise_E50, EnterpriseFlash_F1500, EnterpriseFlash_F300, EnterpriseFlash_F700]` | The type of Redis Enterprise Cluster to deploy. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `zoneRedundant` | bool | `True` | | When true, the cluster will be deployed across availability zones. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/cache.redis-enterprise:1.0.0`. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `hostName` | string | Redis hostname. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the redis cache enterprise. | -| `resourceGroupName` | string | The name of the resource group the redis cache enterprise was created in. | -| `resourceId` | string | The resource ID of the redis cache enterprise. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | - -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Geo](#example-2-geo) +- [Using only defaults](#example-3-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module redisEnterprise './cache/redis-enterprise/main.bicep' = { +module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crecom' params: { // Required parameters @@ -264,14 +222,14 @@ module redisEnterprise './cache/redis-enterprise/main.bicep' = {

-

Example 2: Geo

+### Example 2: _Geo_
via Bicep module ```bicep -module redisEnterprise './cache/redis-enterprise/main.bicep' = { +module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cregeo' params: { // Required parameters @@ -385,14 +343,17 @@ module redisEnterprise './cache/redis-enterprise/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module redisEnterprise './cache/redis-enterprise/main.bicep' = { +module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cremin' params: { // Required parameters @@ -429,3 +390,191 @@ module redisEnterprise './cache/redis-enterprise/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Redis Cache Enterprise resource. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`capacity`](#parameter-capacity) | int | The size of the Redis Enterprise Cluster. Defaults to 2. Valid values are (2, 4, 6, ...) for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs. | +| [`databases`](#parameter-databases) | array | The databases to create in the Redis Cache Enterprise Cluster. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource, but currently not supported for Redis Cache Enterprise. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | The geo-location where the resource lives. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | Requires clients to use a specified TLS version (or higher) to connect. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | The type of Redis Enterprise Cluster to deploy. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | When true, the cluster will be deployed across availability zones. | + +### Parameter: `capacity` + +The size of the Redis Enterprise Cluster. Defaults to 2. Valid values are (2, 4, 6, ...) for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs. 
+- Required: No +- Type: int +- Default: `2` + +### Parameter: `databases` + +The databases to create in the Redis Cache Enterprise Cluster. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource, but currently not supported for Redis Cache Enterprise. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `['', audit, ConnectionEvents]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +The geo-location where the resource lives. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `minimumTlsVersion` + +Requires clients to use a specified TLS version (or higher) to connect. +- Required: No +- Type: string +- Default: `'1.2'` +- Allowed: `[1.0, 1.1, 1.2]` + +### Parameter: `name` + +The name of the Redis Cache Enterprise resource. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +The type of Redis Enterprise Cluster to deploy. +- Required: No +- Type: string +- Default: `'Enterprise_E10'` +- Allowed: `[Enterprise_E10, Enterprise_E100, Enterprise_E20, Enterprise_E50, EnterpriseFlash_F1500, EnterpriseFlash_F300, EnterpriseFlash_F700]` + +### Parameter: `tags` + +Tags of the resource. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundant` + +When true, the cluster will be deployed across availability zones. +- Required: No +- Type: bool +- Default: `True` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `hostName` | string | Redis hostname. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the redis cache enterprise. | +| `resourceGroupName` | string | The name of the resource group the redis cache enterprise was created in. | +| `resourceId` | string | The resource ID of the redis cache enterprise. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/cache/redis-enterprise/database/README.md b/modules/cache/redis-enterprise/database/README.md index b685df1716..7f0d3120d2 100644 --- a/modules/cache/redis-enterprise/database/README.md +++ b/modules/cache/redis-enterprise/database/README.md 
@@ -20,31 +20,126 @@ This module deploys a Redis Cache Enterprise Database. **Conditional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `persistenceAofFrequency` | string | `''` | `['', 1s, always]` | Sets the frequency at which data is written to disk. Required if AOF persistence is enabled. | -| `persistenceRdbFrequency` | string | `''` | `['', 12h, 1h, 6h]` | Sets the frequency at which a snapshot of the database is created. Required if RDB persistence is enabled. | -| `redisCacheEnterpriseName` | string | | | The name of the parent Redis Cache Enterprise Cluster. Required if the template is used in a standalone deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`persistenceAofFrequency`](#parameter-persistenceaoffrequency) | string | Sets the frequency at which data is written to disk. Required if AOF persistence is enabled. | +| [`persistenceRdbFrequency`](#parameter-persistencerdbfrequency) | string | Sets the frequency at which a snapshot of the database is created. Required if RDB persistence is enabled. | +| [`redisCacheEnterpriseName`](#parameter-rediscacheenterprisename) | string | The name of the parent Redis Cache Enterprise Cluster. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `clientProtocol` | string | `'Encrypted'` | `[Encrypted, Plaintext]` | Specifies whether redis clients can connect using TLS-encrypted or plaintext redis protocols. Default is TLS-encrypted. | -| `clusteringPolicy` | string | `'OSSCluster'` | `[EnterpriseCluster, OSSCluster]` | Specifies the clustering policy to enable at creation time of the Redis Cache Enterprise Cluster. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `evictionPolicy` | string | `'VolatileLRU'` | `[AllKeysLFU, AllKeysLRU, AllKeysRandom, NoEviction, VolatileLFU, VolatileLRU, VolatileRandom, VolatileTTL]` | Redis eviction policy - default is VolatileLRU. | -| `geoReplication` | object | `{object}` | | Optional set of properties to configure geo replication for this database. Geo replication prerequisites must be met. See "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-active-geo-replication#active-geo-replication-prerequisites" for more information. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `modules` | array | `[]` | | Optional set of redis modules to enable in this database - modules can only be added at creation time. | -| `persistenceAofEnabled` | bool | `False` | | Sets whether AOF is enabled. Required if setting AOF frequency. AOF and RDB persistence cannot be enabled at the same time. | -| `persistenceRdbEnabled` | bool | `False` | | Sets whether RDB is enabled. RDB and AOF persistence cannot be enabled at the same time. | -| `port` | int | `-1` | | TCP port of the database endpoint. Specified at create time. Default is (-1) meaning value is not set and defaults to an available port. Current supported port is 10000. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`clientProtocol`](#parameter-clientprotocol) | string | Specifies whether redis clients can connect using TLS-encrypted or plaintext redis protocols. Default is TLS-encrypted. | +| [`clusteringPolicy`](#parameter-clusteringpolicy) | string | Specifies the clustering policy to enable at creation time of the Redis Cache Enterprise Cluster. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`evictionPolicy`](#parameter-evictionpolicy) | string | Redis eviction policy - default is VolatileLRU. 
| +| [`geoReplication`](#parameter-georeplication) | object | Optional set of properties to configure geo replication for this database. Geo replication prerequisites must be met. See "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-active-geo-replication#active-geo-replication-prerequisites" for more information. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`modules`](#parameter-modules) | array | Optional set of redis modules to enable in this database - modules can only be added at creation time. | +| [`persistenceAofEnabled`](#parameter-persistenceaofenabled) | bool | Sets whether AOF is enabled. Required if setting AOF frequency. AOF and RDB persistence cannot be enabled at the same time. | +| [`persistenceRdbEnabled`](#parameter-persistencerdbenabled) | bool | Sets whether RDB is enabled. RDB and AOF persistence cannot be enabled at the same time. | +| [`port`](#parameter-port) | int | TCP port of the database endpoint. Specified at create time. Default is (-1) meaning value is not set and defaults to an available port. Current supported port is 10000. | + +### Parameter: `clientProtocol` + +Specifies whether redis clients can connect using TLS-encrypted or plaintext redis protocols. Default is TLS-encrypted. +- Required: No +- Type: string +- Default: `'Encrypted'` +- Allowed: `[Encrypted, Plaintext]` + +### Parameter: `clusteringPolicy` + +Specifies the clustering policy to enable at creation time of the Redis Cache Enterprise Cluster. +- Required: No +- Type: string +- Default: `'OSSCluster'` +- Allowed: `[EnterpriseCluster, OSSCluster]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `evictionPolicy` + +Redis eviction policy - default is VolatileLRU. 
+- Required: No +- Type: string +- Default: `'VolatileLRU'` +- Allowed: `[AllKeysLFU, AllKeysLRU, AllKeysRandom, NoEviction, VolatileLFU, VolatileLRU, VolatileRandom, VolatileTTL]` + +### Parameter: `geoReplication` + +Optional set of properties to configure geo replication for this database. Geo replication prerequisites must be met. See "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-active-geo-replication#active-geo-replication-prerequisites" for more information. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `modules` + +Optional set of redis modules to enable in this database - modules can only be added at creation time. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `persistenceAofEnabled` + +Sets whether AOF is enabled. Required if setting AOF frequency. AOF and RDB persistence cannot be enabled at the same time. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `persistenceAofFrequency` + +Sets the frequency at which data is written to disk. Required if AOF persistence is enabled. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', 1s, always]` + +### Parameter: `persistenceRdbEnabled` + +Sets whether RDB is enabled. RDB and AOF persistence cannot be enabled at the same time. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `persistenceRdbFrequency` + +Sets the frequency at which a snapshot of the database is created. Required if RDB persistence is enabled. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', 12h, 1h, 6h]` + +### Parameter: `port` + +TCP port of the database endpoint. Specified at create time. Default is (-1) meaning value is not set and defaults to an available port. Current supported port is 10000. 
+- Required: No +- Type: int +- Default: `-1` + +### Parameter: `redisCacheEnterpriseName` + +The name of the parent Redis Cache Enterprise Cluster. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed database. | | `resourceGroupName` | string | The resource group of the deployed database. | diff --git a/modules/cache/redis-enterprise/database/main.json b/modules/cache/redis-enterprise/database/main.json index 27d234923b..d5698a412b 100644 --- a/modules/cache/redis-enterprise/database/main.json +++ b/modules/cache/redis-enterprise/database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16731424701559883139" + "version": "0.22.6.54827", + "templateHash": "8155705065039005753" }, "name": "Redis Cache Enterprise Databases", "description": "This module deploys a Redis Cache Enterprise Database.", diff --git a/modules/cache/redis-enterprise/main.json b/modules/cache/redis-enterprise/main.json index acdc3aa903..0dae10b9b6 100644 --- a/modules/cache/redis-enterprise/main.json +++ b/modules/cache/redis-enterprise/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8401793883308983497" + "version": "0.22.6.54827", + "templateHash": "15719841187562389936" }, "name": "Redis Cache Enterprise", "description": "This module deploys a Redis Cache Enterprise.", @@ -296,8 +296,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2462654739530119148" + "version": "0.22.6.54827", + "templateHash": "12607572296541142934" } }, "parameters": { 
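Review bot: In modules/cache/redis-enterprise/database/README.md, the new `### Parameter: redisCacheEnterpriseName` block says `- Required: Yes`, while the table in the same hunk lists it under **Conditional parameters** ("Required if the template is used in a standalone deployment"). The other two conditional parameters, `persistenceAofFrequency` and `persistenceRdbFrequency`, say `- Required: No`. The difference seems to follow from whether a default is present (`''` for the two frequency parameters, none for `redisCacheEnterpriseName`), which is not what "conditional" means to a reader. Suggest emitting one consistent value for every parameter in the conditional table, and stating the condition next to it.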
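Review bot: The usage examples in modules/cache/redis-enterprise/README.md now reference `br:bicep/modules/cache.redis-enterprise:1.0.0` where they used the local path `./cache/redis-enterprise/main.bicep`, but neither the added note nor the examples say where the registry name `bicep` and the tag `1.0.0` come from. If both are fixed strings written by the generator, the note should say they are placeholders and tell readers to substitute the registry they publish to and a version they have confirmed exists there. As written, a copied example depends on a module source the reader never chose.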
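Review bot: `### Example 2: _Geo_` in modules/cache/redis-enterprise/README.md gets no description line, while Examples 1 and 3 gain a "This instance deploys the module with ..." sentence, and its title is still the bare test folder name. The redis test files later in this patch receive `metadata name` and `metadata description`; the `geo` test file presumably needs the same two lines so that the generated example has a readable title and summary.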
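Review bot: The regenerated "Cross-referenced modules" paragraph in modules/cache/redis-enterprise/README.md still reads "other CARML modules", although the contribution guide changed in this same patch now calls the library AVM. Suggest updating the generator's static text so the module ReadMes and the guide use one name.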
@@ -451,8 +451,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16731424701559883139" + "version": "0.22.6.54827", + "templateHash": "8155705065039005753" }, "name": "Redis Cache Enterprise Databases", "description": "This module deploys a Redis Cache Enterprise Database.", @@ -689,8 +689,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -889,8 +889,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1027,8 +1027,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/cache/redis/.test/common/main.test.bicep b/modules/cache/redis/.test/common/main.test.bicep index 27cba7a79e..5428f2e9cb 100644 --- a/modules/cache/redis/.test/common/main.test.bicep +++ b/modules/cache/redis/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/cache/redis/.test/min/main.test.bicep b/modules/cache/redis/.test/min/main.test.bicep index 21c9108e8a..4ab171428a 100644 --- a/modules/cache/redis/.test/min/main.test.bicep +++ b/modules/cache/redis/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/cache/redis/README.md b/modules/cache/redis/README.md index 721d612132..8360ae347a 100644 --- a/modules/cache/redis/README.md +++ b/modules/cache/redis/README.md @@ -5,10 +5,10 @@ This module deploys a Redis Cache. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
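Review bot: The navigation entry added in modules/cache/redis/README.md, `[Usage examples](#Usage-examples)`, keeps the mixed-case fragment style of the existing entries, while the links generated elsewhere in this patch are lowercase (`#example-1-using-large-parameter-set`, `#parameter-name`). Suggest emitting lowercase fragments in the navigation list as well (`#usage-examples`), since a renderer that matches fragments case-sensitively will not resolve the mixed-case form, and one convention is easier to check.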
@@ -22,85 +22,28 @@ This module deploys a Redis Cache. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Redis cache resource. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `capacity` | int | `1` | `[0, 1, 2, 3, 4, 5, 6]` | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ConnectedClientList]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". 
| -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableNonSslPort` | bool | `False` | | Specifies whether the non-ssl Redis server port (6379) is enabled. | -| `location` | string | `[resourceGroup().location]` | | The location to deploy the Redis cache service. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Requires clients to use a specified TLS version (or higher) to connect. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `redisConfiguration` | object | `{object}` | | All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. | -| `redisVersion` | string | `'6'` | `[4, 6]` | Redis version. 
Only major version will be used in PUT/PATCH request with current valid values: (4, 6). | -| `replicasPerMaster` | int | `1` | | The number of replicas to be created per primary. | -| `replicasPerPrimary` | int | `1` | | The number of replicas to be created per primary. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `shardCount` | int | `1` | | The number of shards to be created on a Premium Cluster Cache. | -| `skuName` | string | `'Basic'` | `[Basic, Premium, Standard]` | The type of Redis cache to deploy. | -| `staticIP` | string | `''` | | Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. | -| `subnetId` | string | `''` | | The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `tenantSettings` | object | `{object}` | | A dictionary of tenant settings. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `zoneRedundant` | bool | `True` | | When true, replicas will be provisioned in availability zones specified in the zones parameter. | -| `zones` | array | `[]` | | If the zoneRedundant parameter is true, replicas will be provisioned in the availability zones specified here. 
Otherwise, the service will choose where replicas are deployed. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `hostName` | string | Redis hostname. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Redis Cache. | -| `resourceGroupName` | string | The name of the resource group the Redis Cache was created in. | -| `resourceId` | string | The resource ID of the Redis Cache. | -| `sslPort` | int | Redis SSL port. | -| `subnetId` | string | The full resource ID of a subnet in a virtual network where the Redis Cache was deployed in. | +## Usage examples -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/cache.redis:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
+This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module redis './cache/redis/main.bicep' = { +module redis 'br:bicep/modules/cache.redis:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crcom' params: { // Required parameters @@ -252,14 +195,17 @@ module redis './cache/redis/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module redis './cache/redis/main.bicep' = { +module redis 'br:bicep/modules/cache.redis:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crmin' params: { // Required parameters @@ -298,6 +244,294 @@ module redis './cache/redis/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Redis cache resource. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`capacity`](#parameter-capacity) | int | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. 
| +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableNonSslPort`](#parameter-enablenonsslport) | bool | Specifies whether the non-ssl Redis server port (6379) is enabled. | +| [`location`](#parameter-location) | string | The location to deploy the Redis cache service. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | Requires clients to use a specified TLS version (or higher) to connect. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`redisConfiguration`](#parameter-redisconfiguration) | object | All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. | +| [`redisVersion`](#parameter-redisversion) | string | Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6). 
| +| [`replicasPerMaster`](#parameter-replicaspermaster) | int | The number of replicas to be created per primary. | +| [`replicasPerPrimary`](#parameter-replicasperprimary) | int | The number of replicas to be created per primary. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`shardCount`](#parameter-shardcount) | int | The number of shards to be created on a Premium Cluster Cache. | +| [`skuName`](#parameter-skuname) | string | The type of Redis cache to deploy. | +| [`staticIP`](#parameter-staticip) | string | Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. | +| [`subnetId`](#parameter-subnetid) | string | The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`tenantSettings`](#parameter-tenantsettings) | object | A dictionary of tenant settings. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | When true, replicas will be provisioned in availability zones specified in the zones parameter. 
| +| [`zones`](#parameter-zones) | array | If the zoneRedundant parameter is true, replicas will be provisioned in the availability zones specified here. Otherwise, the service will choose where replicas are deployed. | + +### Parameter: `capacity` + +The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). +- Required: No +- Type: int +- Default: `1` +- Allowed: `[0, 1, 2, 3, 4, 5, 6]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ConnectedClientList]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableNonSslPort` + +Specifies whether the non-ssl Redis server port (6379) is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +The location to deploy the Redis cache service. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `minimumTlsVersion` + +Requires clients to use a specified TLS version (or higher) to connect. +- Required: No +- Type: string +- Default: `'1.2'` +- Allowed: `[1.0, 1.1, 1.2]` + +### Parameter: `name` + +The name of the Redis cache resource. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `redisConfiguration` + +All Redis Settings. 
Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `redisVersion` + +Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6). +- Required: No +- Type: string +- Default: `'6'` +- Allowed: `[4, 6]` + +### Parameter: `replicasPerMaster` + +The number of replicas to be created per primary. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `replicasPerPrimary` + +The number of replicas to be created per primary. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `shardCount` + +The number of shards to be created on a Premium Cluster Cache. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `skuName` + +The type of Redis cache to deploy. +- Required: No +- Type: string +- Default: `'Basic'` +- Allowed: `[Basic, Premium, Standard]` + +### Parameter: `staticIP` + +Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `subnetId` + +The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tenantSettings` + +A dictionary of tenant settings. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundant` + +When true, replicas will be provisioned in availability zones specified in the zones parameter. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `zones` + +If the zoneRedundant parameter is true, replicas will be provisioned in the availability zones specified here. Otherwise, the service will choose where replicas are deployed. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `hostName` | string | Redis hostname. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Redis Cache. | +| `resourceGroupName` | string | The name of the resource group the Redis Cache was created in. | +| `resourceId` | string | The resource ID of the Redis Cache. | +| `sslPort` | int | Redis SSL port. | +| `subnetId` | string | The full resource ID of a subnet in a virtual network where the Redis Cache was deployed in. 
| + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + ## Notes ### Parameter Usage: `redisConfiguration` diff --git a/modules/cache/redis/main.json b/modules/cache/redis/main.json index ef37e001eb..d503dc74b8 100644 --- a/modules/cache/redis/main.json +++ b/modules/cache/redis/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9970933369999379119" + "version": "0.22.6.54827", + "templateHash": "5929435185460509109" }, "name": "Redis Cache", "description": "This module deploys a Redis Cache.", @@ -414,8 +414,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7380162094150397462" + "version": "0.22.6.54827", + "templateHash": "4475888832005151593" } }, "parameters": { @@ -575,8 +575,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -775,8 +775,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -913,8 +913,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { 
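Review bot: the `modules/cache/redis/main.json` hunks cannot be verified by reading them. All five touch only the `_generator` block, replacing `"version": "0.21.1.54444"` with `"0.22.6.54827"` and swapping each `templateHash`, so the diff shows that the file was rebuilt with a newer compiler but not that the committed JSON still corresponds to `main.bicep`. Since this compiled template is checked in next to its source, please state the Bicep version used for the rebuild in the PR description and have the pipeline recompile `main.bicep` with that same version and fail when the output differs from the committed `main.json`. Otherwise a hand-edited or stale template can ride along unnoticed in a bulk regeneration like this one.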
diff --git a/modules/cdn/profile/.test/common/main.test.bicep b/modules/cdn/profile/.test/common/main.test.bicep index b8413ea964..d8dcf730f7 100644 --- a/modules/cdn/profile/.test/common/main.test.bicep +++ b/modules/cdn/profile/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/cdn/profile/README.md b/modules/cdn/profile/README.md index e3f4d453f2..04388adbbd 100644 --- a/modules/cdn/profile/README.md +++ b/modules/cdn/profile/README.md @@ -5,10 +5,10 @@ This module deploys a CDN Profile. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
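Review bot: only the `common` test file gets `metadata name` and `metadata description` in this change, and the regenerated `modules/cdn/profile/README.md` further down shows the result: Example 2 is titled "Using large parameter set" and carries a description line, while Example 1 is still rendered as `_Afd_` with no description at all. Please add the same two metadata lines to the test file behind Example 1 so that every usage example has a readable title and a one-line statement of what it deploys. Also note that the Navigation entry added here links to `#Usage-examples` with a capital letter, while the example links generated inside that section are all lowercase (`#example-1-afd`); one casing convention for generated anchors would be safer across renderers.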
@@ -28,68 +28,25 @@ This module deploys a CDN Profile. | `Microsoft.Cdn/profiles/ruleSets/rules` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/ruleSets/rules) | | `Microsoft.Cdn/profiles/secrets` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/secrets) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | Name of the CDN profile. | -| `sku` | string | `[Custom_Verizon, Premium_AzureFrontDoor, Premium_Verizon, Standard_955BandWidth_ChinaCdn, Standard_Akamai, Standard_AvgBandWidth_ChinaCdn, Standard_AzureFrontDoor, Standard_ChinaCdn, Standard_Microsoft, Standard_Verizon, StandardPlus_955BandWidth_ChinaCdn, StandardPlus_AvgBandWidth_ChinaCdn, StandardPlus_ChinaCdn]` | The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile. | - -**Conditional parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `origionGroups` | array | Array of origin group objects. Required if the afdEndpoints is specified. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `afdEndpoints` | array | `[]` | | Array of AFD endpoint objects. | -| `customDomains` | array | `[]` | | Array of custom domain objects. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `endpointName` | string | `''` | | Name of the endpoint under the profile which is unique globally. | -| `endpointProperties` | object | `{object}` | | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. 
| -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `originResponseTimeoutSeconds` | int | `60` | | Send and receive timeout on forwarding request to the origin. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ruleSets` | array | `[]` | | Array of rule set objects. | -| `secrets` | array | `[]` | | Array of secret objects. | -| `tags` | object | `{object}` | | Endpoint tags. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the CDN profile. | -| `profileType` | string | The type of the CDN profile. | -| `resourceGroupName` | string | The resource group where the CDN profile is deployed. | -| `resourceId` | string | The resource ID of the CDN profile. | - -## Cross-referenced modules - -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/cdn.profile:1.0.0`. -## Deployment examples +- [Afd](#example-1-afd) +- [Using large parameter set](#example-2-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. 
- >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Afd

+### Example 1: _Afd_
via Bicep module ```bicep -module profile './cdn/profile/main.bicep' = { +module profile 'br:bicep/modules/cdn.profile:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cdnpafd' params: { // Required parameters @@ -297,14 +254,17 @@ module profile './cdn/profile/main.bicep' = {

-

Example 2: Common

+### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +
via Bicep module ```bicep -module profile './cdn/profile/main.bicep' = { +module profile 'br:bicep/modules/cdn.profile:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cdnpcom' params: { // Required parameters @@ -439,3 +399,156 @@ module profile './cdn/profile/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the CDN profile. | +| [`sku`](#parameter-sku) | string | The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`origionGroups`](#parameter-origiongroups) | array | Array of origin group objects. Required if the afdEndpoints is specified. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`afdEndpoints`](#parameter-afdendpoints) | array | Array of AFD endpoint objects. | +| [`customDomains`](#parameter-customdomains) | array | Array of custom domain objects. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`endpointName`](#parameter-endpointname) | string | Name of the endpoint under the profile which is unique globally. | +| [`endpointProperties`](#parameter-endpointproperties) | object | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`originResponseTimeoutSeconds`](#parameter-originresponsetimeoutseconds) | int | Send and receive timeout on forwarding request to the origin. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ruleSets`](#parameter-rulesets) | array | Array of rule set objects. | +| [`secrets`](#parameter-secrets) | array | Array of secret objects. | +| [`tags`](#parameter-tags) | object | Endpoint tags. | + +### Parameter: `afdEndpoints` + +Array of AFD endpoint objects. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `customDomains` + +Array of custom domain objects. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endpointName` + +Name of the endpoint under the profile which is unique globally. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `endpointProperties` + +Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the CDN profile. +- Required: Yes +- Type: string + +### Parameter: `originResponseTimeoutSeconds` + +Send and receive timeout on forwarding request to the origin. +- Required: No +- Type: int +- Default: `60` + +### Parameter: `origionGroups` + +Array of origin group objects. Required if the afdEndpoints is specified. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ruleSets` + +Array of rule set objects. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `secrets` + +Array of secret objects. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile. +- Required: Yes +- Type: string +- Allowed: `[Custom_Verizon, Premium_AzureFrontDoor, Premium_Verizon, Standard_955BandWidth_ChinaCdn, Standard_Akamai, Standard_AvgBandWidth_ChinaCdn, Standard_AzureFrontDoor, Standard_ChinaCdn, Standard_Microsoft, Standard_Verizon, StandardPlus_955BandWidth_ChinaCdn, StandardPlus_AvgBandWidth_ChinaCdn, StandardPlus_ChinaCdn]` + +### Parameter: `tags` + +Endpoint tags. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the CDN profile. | +| `profileType` | string | The type of the CDN profile. | +| `resourceGroupName` | string | The resource group where the CDN profile is deployed. | +| `resourceId` | string | The resource ID of the CDN profile. | + +## Cross-referenced modules + +_None_ diff --git a/modules/cdn/profile/afdEndpoint/README.md b/modules/cdn/profile/afdEndpoint/README.md index 92b71cb16f..6668c13e76 100644 --- a/modules/cdn/profile/afdEndpoint/README.md +++ b/modules/cdn/profile/afdEndpoint/README.md 
@@ -20,31 +20,87 @@ This module deploys a CDN Profile AFD Endpoint. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the AFD Endpoint. | +| [`name`](#parameter-name) | string | The name of the AFD Endpoint. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `profileName` | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | +| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `autoGeneratedDomainNameLabelScope` | string | `'TenantReuse'` | `[NoReuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse]` | Indicates the endpoint name reuse scope. The default value is TenantReuse. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enabledState` | string | `'Enabled'` | `[Disabled, Enabled]` | Indicates whether the AFD Endpoint is enabled. The default value is Enabled. | -| `location` | string | `[resourceGroup().location]` | | The location of the AFD Endpoint. | -| `routes` | array | `[]` | | The list of routes for this AFD Endpoint. | -| `tags` | object | `{object}` | | The tags of the AFD Endpoint. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoGeneratedDomainNameLabelScope`](#parameter-autogenerateddomainnamelabelscope) | string | Indicates the endpoint name reuse scope. The default value is TenantReuse. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`enabledState`](#parameter-enabledstate) | string | Indicates whether the AFD Endpoint is enabled. The default value is Enabled. | +| [`location`](#parameter-location) | string | The location of the AFD Endpoint. | +| [`routes`](#parameter-routes) | array | The list of routes for this AFD Endpoint. | +| [`tags`](#parameter-tags) | object | The tags of the AFD Endpoint. | + +### Parameter: `autoGeneratedDomainNameLabelScope` + +Indicates the endpoint name reuse scope. The default value is TenantReuse. +- Required: No +- Type: string +- Default: `'TenantReuse'` +- Allowed: `[NoReuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enabledState` + +Indicates whether the AFD Endpoint is enabled. The default value is Enabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `location` + +The location of the AFD Endpoint. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the AFD Endpoint. +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the parent CDN profile. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `routes` + +The list of routes for this AFD Endpoint. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +The tags of the AFD Endpoint. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the AFD Endpoint. | 
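Review bot: the generated per-parameter sections disagree with the summary tables about what is required. In this file `profileName` is listed under "Conditional parameters" ("Required if the template is used in a standalone deployment") but its section says `Required: Yes`. In `modules/cdn/profile/README.md` above, the conditional parameter `origionGroups` is rendered as `Required: No` with default `[]`, so the same category produces both answers. The route README that follows has the same problem in two more places: `originGroupName` sits in the "Required parameters" table yet its section reads `Required: No` with default `''`, and `customDomainName` sits in the "Optional parameters" table yet reads `Required: Yes`. The old tables carried a Default Value column that made these cases visible at a glance; now that the tables only show Type and Description, the `Required:` line is the sole signal. The generator should derive it from the same source as the table grouping, or print something like `Required: Conditional` for conditional parameters.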
diff --git a/modules/cdn/profile/afdEndpoint/route/README.md b/modules/cdn/profile/afdEndpoint/route/README.md index ee07973325..5b63f03281 100644 --- a/modules/cdn/profile/afdEndpoint/route/README.md +++ b/modules/cdn/profile/afdEndpoint/route/README.md 
@@ -19,33 +19,139 @@ This module deploys a CDN Profile AFD Endpoint route. **Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `afdEndpointName` | string | | The name of the AFD endpoint. | -| `name` | string | | The name of the route. | -| `originGroupName` | string | `''` | The name of the origin group. The origin group must be defined in the profile originGroups. | -| `profileName` | string | | The name of the parent CDN profile. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`afdEndpointName`](#parameter-afdendpointname) | string | The name of the AFD endpoint. | +| [`name`](#parameter-name) | string | The name of the route. | +| [`originGroupName`](#parameter-origingroupname) | string | The name of the origin group. The origin group must be defined in the profile originGroups. | +| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `cacheConfiguration` | object | `{object}` | | The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. | -| `customDomainName` | string | | | The name of the custom domain. The custom domain must be defined in the profile customDomains. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enabledState` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether this route is enabled. | -| `forwardingProtocol` | string | `'MatchRequest'` | `[HttpOnly, HttpsOnly, MatchRequest]` | The protocol this rule will use when forwarding traffic to backends. | -| `httpsRedirect` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether to automatically redirect HTTP traffic to HTTPS traffic. 
| -| `linkToDefaultDomain` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether this route will be linked to the default endpoint domain. | -| `originPath` | string | `''` | | A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. | -| `patternsToMatch` | array | `[]` | | The route patterns of the rule. | -| `ruleSets` | array | `[]` | | The rule sets of the rule. The rule sets must be defined in the profile ruleSets. | -| `supportedProtocols` | array | `[]` | `[Http, Https]` | The supported protocols of the rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cacheConfiguration`](#parameter-cacheconfiguration) | object | The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. | +| [`customDomainName`](#parameter-customdomainname) | string | The name of the custom domain. The custom domain must be defined in the profile customDomains. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enabledState`](#parameter-enabledstate) | string | Whether this route is enabled. | +| [`forwardingProtocol`](#parameter-forwardingprotocol) | string | The protocol this rule will use when forwarding traffic to backends. | +| [`httpsRedirect`](#parameter-httpsredirect) | string | Whether to automatically redirect HTTP traffic to HTTPS traffic. | +| [`linkToDefaultDomain`](#parameter-linktodefaultdomain) | string | Whether this route will be linked to the default endpoint domain. | +| [`originPath`](#parameter-originpath) | string | A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. | +| [`patternsToMatch`](#parameter-patternstomatch) | array | The route patterns of the rule. | +| [`ruleSets`](#parameter-rulesets) | array | The rule sets of the rule. 
The rule sets must be defined in the profile ruleSets. | +| [`supportedProtocols`](#parameter-supportedprotocols) | array | The supported protocols of the rule. | + +### Parameter: `afdEndpointName` + +The name of the AFD endpoint. +- Required: Yes +- Type: string + +### Parameter: `cacheConfiguration` + +The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `customDomainName` + +The name of the custom domain. The custom domain must be defined in the profile customDomains. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enabledState` + +Whether this route is enabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `forwardingProtocol` + +The protocol this rule will use when forwarding traffic to backends. +- Required: No +- Type: string +- Default: `'MatchRequest'` +- Allowed: `[HttpOnly, HttpsOnly, MatchRequest]` + +### Parameter: `httpsRedirect` + +Whether to automatically redirect HTTP traffic to HTTPS traffic. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `linkToDefaultDomain` + +Whether this route will be linked to the default endpoint domain. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `name` + +The name of the route. +- Required: Yes +- Type: string + +### Parameter: `originGroupName` + +The name of the origin group. The origin group must be defined in the profile originGroups. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `originPath` + +A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `patternsToMatch` + +The route patterns of the rule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `profileName` + +The name of the parent CDN profile. +- Required: Yes +- Type: string + +### Parameter: `ruleSets` + +The rule sets of the rule. The rule sets must be defined in the profile ruleSets. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `supportedProtocols` + +The supported protocols of the rule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Http, Https]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the route. | | `resourceGroupName` | string | The name of the resource group the route was created in. | diff --git a/modules/cdn/profile/customdomain/README.md b/modules/cdn/profile/customdomain/README.md index 87399b9693..57363db2c1 100644 --- a/modules/cdn/profile/customdomain/README.md +++ b/modules/cdn/profile/customdomain/README.md 
@@ -19,33 +19,101 @@ This module deploys a CDN Profile Custom Domains. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `certificateType` | string | `[CustomerCertificate, ManagedCertificate]` | The type of the certificate used for secure delivery. | -| `hostName` | string | | The host name of the domain. Must be a domain name. | -| `name` | string | | The name of the custom domain. | -| `profileName` | string | | The name of the CDN profile. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`certificateType`](#parameter-certificatetype) | string | The type of the certificate used for secure delivery. | +| [`hostName`](#parameter-hostname) | string | The host name of the domain. Must be a domain name. | +| [`name`](#parameter-name) | string | The name of the custom domain. | +| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `extendedProperties` | object | `{object}` | | Key-Value pair representing migration properties for domains. | -| `minimumTlsVersion` | string | `'TLS12'` | `[TLS10, TLS12]` | The minimum TLS version required for the custom domain. Default value: TLS12. | -| `preValidatedCustomDomainResourceId` | string | `''` | | Resource reference to the Azure resource where custom domain ownership was prevalidated. | -| `secretName` | string | `''` | | The name of the secret. ie. subs/rg/profile/secret. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`extendedProperties`](#parameter-extendedproperties) | object | Key-Value pair representing migration properties for domains. | +| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | The minimum TLS version required for the custom domain. Default value: TLS12. | +| [`preValidatedCustomDomainResourceId`](#parameter-prevalidatedcustomdomainresourceid) | string | Resource reference to the Azure resource where custom domain ownership was prevalidated. | +| [`secretName`](#parameter-secretname) | string | The name of the secret. ie. subs/rg/profile/secret. | **Optonal parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `azureDnsZoneResourceId` | string | `''` | Resource reference to the Azure DNS zone. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`azureDnsZoneResourceId`](#parameter-azurednszoneresourceid) | string | Resource reference to the Azure DNS zone. | + +### Parameter: `azureDnsZoneResourceId` + +Resource reference to the Azure DNS zone. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `certificateType` + +The type of the certificate used for secure delivery. +- Required: Yes +- Type: string +- Allowed: `[CustomerCertificate, ManagedCertificate]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `extendedProperties` + +Key-Value pair representing migration properties for domains. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `hostName` + +The host name of the domain. Must be a domain name. +- Required: Yes +- Type: string + +### Parameter: `minimumTlsVersion` + +The minimum TLS version required for the custom domain. Default value: TLS12. +- Required: No +- Type: string +- Default: `'TLS12'` +- Allowed: `[TLS10, TLS12]` + +### Parameter: `name` + +The name of the custom domain. 
+- Required: Yes +- Type: string + +### Parameter: `preValidatedCustomDomainResourceId` + +Resource reference to the Azure resource where custom domain ownership was prevalidated. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `profileName` + +The name of the CDN profile. +- Required: Yes +- Type: string + +### Parameter: `secretName` + +The name of the secret. ie. subs/rg/profile/secret. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the custom domain. | | `resourceGroupName` | string | The name of the resource group the custom domain was created in. | diff --git a/modules/cdn/profile/endpoint/README.md b/modules/cdn/profile/endpoint/README.md index 688a86025a..7681a1e2f8 100644 --- a/modules/cdn/profile/endpoint/README.md +++ b/modules/cdn/profile/endpoint/README.md 
@@ -20,29 +20,68 @@ This module deploys a CDN Profile Endpoint. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the endpoint under the profile which is unique globally. | -| `properties` | object | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). | +| [`name`](#parameter-name) | string | Name of the endpoint under the profile which is unique globally. | +| [`properties`](#parameter-properties) | object | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `profileName` | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | +| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Resource location. | -| `tags` | object | `{object}` | Endpoint tags. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Resource location. | +| [`tags`](#parameter-tags) | object | Endpoint tags. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Resource location. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the endpoint under the profile which is unique globally. +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the parent CDN profile. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `properties` + +Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). +- Required: Yes +- Type: object + +### Parameter: `tags` + +Endpoint tags. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `endpointProperties` | object | The properties of the endpoint. | | `location` | string | The location the resource was deployed into. | diff --git a/modules/cdn/profile/endpoint/origin/README.md b/modules/cdn/profile/endpoint/origin/README.md index c4e00f6ddd..706d8a9c4a 100644 --- a/modules/cdn/profile/endpoint/origin/README.md +++ b/modules/cdn/profile/endpoint/origin/README.md 
@@ -19,37 +19,128 @@ This module deploys a CDN Profile Endpoint Origin. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `endpointName` | string | The name of the CDN Endpoint. | -| `hostName` | string | The hostname of the origin. | -| `name` | string | The name of the origin. | +| [`endpointName`](#parameter-endpointname) | string | The name of the CDN Endpoint. | +| [`hostName`](#parameter-hostname) | string | The hostname of the origin. | +| [`name`](#parameter-name) | string | The name of the origin. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `priority` | int | `-1` | The priority of origin in given origin group for load balancing. Required if `weight` is provided. | -| `privateLinkAlias` | string | | The private link alias of the origin. Required if privateLinkLocation is provided. | -| `privateLinkLocation` | string | | The private link location of the origin. Required if privateLinkAlias is provided. | -| `weight` | int | `-1` | The weight of the origin used for load balancing. Required if `priority` is provided. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`priority`](#parameter-priority) | int | The priority of origin in given origin group for load balancing. Required if `weight` is provided. | +| [`privateLinkAlias`](#parameter-privatelinkalias) | string | The private link alias of the origin. Required if privateLinkLocation is provided. | +| [`privateLinkLocation`](#parameter-privatelinklocation) | string | The private link location of the origin. Required if privateLinkAlias is provided. | +| [`weight`](#parameter-weight) | int | The weight of the origin used for load balancing. Required if `priority` is provided. 
| **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enabled` | bool | `True` | Whether the origin is enabled for load balancing. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `httpPort` | int | `80` | The HTTP port of the origin. | -| `httpsPort` | int | `443` | The HTTPS port of the origin. | -| `originHostHeader` | string | | The host header value sent to the origin. | -| `privateLinkResourceId` | string | | The private link resource ID of the origin. | -| `profileName` | string | `'default'` | The name of the CDN profile. Default to "default". | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enabled`](#parameter-enabled) | bool | Whether the origin is enabled for load balancing. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`httpPort`](#parameter-httpport) | int | The HTTP port of the origin. | +| [`httpsPort`](#parameter-httpsport) | int | The HTTPS port of the origin. | +| [`originHostHeader`](#parameter-originhostheader) | string | The host header value sent to the origin. | +| [`privateLinkResourceId`](#parameter-privatelinkresourceid) | string | The private link resource ID of the origin. | +| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. Default to "default". | + +### Parameter: `enabled` + +Whether the origin is enabled for load balancing. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endpointName` + +The name of the CDN Endpoint. +- Required: Yes +- Type: string + +### Parameter: `hostName` + +The hostname of the origin. +- Required: Yes +- Type: string + +### Parameter: `httpPort` + +The HTTP port of the origin. 
+- Required: No +- Type: int +- Default: `80` + +### Parameter: `httpsPort` + +The HTTPS port of the origin. +- Required: No +- Type: int +- Default: `443` + +### Parameter: `name` + +The name of the origin. +- Required: Yes +- Type: string + +### Parameter: `originHostHeader` + +The host header value sent to the origin. +- Required: Yes +- Type: string + +### Parameter: `priority` + +The priority of origin in given origin group for load balancing. Required if `weight` is provided. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `privateLinkAlias` + +The private link alias of the origin. Required if privateLinkLocation is provided. +- Required: Yes +- Type: string + +### Parameter: `privateLinkLocation` + +The private link location of the origin. Required if privateLinkAlias is provided. +- Required: Yes +- Type: string + +### Parameter: `privateLinkResourceId` + +The private link resource ID of the origin. +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the CDN profile. Default to "default". +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `weight` + +The weight of the origin used for load balancing. Required if `priority` is provided. +- Required: No +- Type: int +- Default: `-1` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the endpoint. | diff --git a/modules/cdn/profile/origingroup/README.md b/modules/cdn/profile/origingroup/README.md index fd8396cd17..0ba329cf7b 100644 --- a/modules/cdn/profile/origingroup/README.md +++ b/modules/cdn/profile/origingroup/README.md 
@@ -20,26 +20,80 @@ This module deploys a CDN Profile Origin Group. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `loadBalancingSettings` | object | Load balancing settings for a backend pool. | -| `name` | string | The name of the origin group. | -| `origins` | array | The list of origins within the origin group. | -| `profileName` | string | The name of the CDN profile. | +| [`loadBalancingSettings`](#parameter-loadbalancingsettings) | object | Load balancing settings for a backend pool. | +| [`name`](#parameter-name) | string | The name of the origin group. | +| [`origins`](#parameter-origins) | array | The list of origins within the origin group. | +| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `healthProbeSettings` | object | `{object}` | | Health probe settings to the origin that is used to determine the health of the origin. | -| `sessionAffinityState` | string | `'Disabled'` | `[Disabled, Enabled]` | Whether to allow session affinity on this host. | -| `trafficRestorationTimeToHealedOrNewEndpointsInMinutes` | int | `10` | | Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`healthProbeSettings`](#parameter-healthprobesettings) | object | Health probe settings to the origin that is used to determine the health of the origin. 
| +| [`sessionAffinityState`](#parameter-sessionaffinitystate) | string | Whether to allow session affinity on this host. | +| [`trafficRestorationTimeToHealedOrNewEndpointsInMinutes`](#parameter-trafficrestorationtimetohealedornewendpointsinminutes) | int | Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `healthProbeSettings` + +Health probe settings to the origin that is used to determine the health of the origin. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `loadBalancingSettings` + +Load balancing settings for a backend pool. +- Required: Yes +- Type: object + +### Parameter: `name` + +The name of the origin group. +- Required: Yes +- Type: string + +### Parameter: `origins` + +The list of origins within the origin group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `profileName` + +The name of the CDN profile. +- Required: Yes +- Type: string + +### Parameter: `sessionAffinityState` + +Whether to allow session affinity on this host. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `trafficRestorationTimeToHealedOrNewEndpointsInMinutes` + +Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins. +- Required: No +- Type: int +- Default: `10` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the origin group. | 
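Review bot: In modules/cdn/profile/afdEndpoint/route/README.md the new per-parameter sections contradict the summary tables above them. `originGroupName` is listed under **Required parameters** but its section reads `- Required: No` with `- Default: ''`, while `customDomainName` is listed under **Optional parameters** but its section reads `- Required: Yes`. In the visible rows, `Required: Yes` lines up with an empty Default Value column in the removed table rather than with the table the parameter sits in. Derive the flag from the same category that places the parameter in its table, or fix the defaults in the template, then regenerate.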
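Review bot: In modules/cdn/profile/customdomain/README.md the misspelled heading `**Optonal parameters**` survives as an unchanged context line, so `azureDnsZoneResourceId` still gets its own table separate from **Optional parameters**. Correct the category spelling at its source and regenerate so the parameter joins the Optional table. Separately, the summary row for `minimumTlsVersion` no longer shows its allowed values; `[TLS10, TLS12]` now appears only in the detail section, so a reader scanning the table will not see that TLS 1.0 is still accepted.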
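Review bot: In modules/cdn/profile/endpoint/README.md the section for `profileName` reads `- Required: Yes`, but the parameter is listed under **Conditional parameters** and its description says "Required if the template is used in a standalone deployment." The generated section loses the conditional nature. Emit a distinct value for conditional parameters (or `No` with the condition restated) so the section agrees with the table.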
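Review bot: In modules/cdn/profile/endpoint/origin/README.md the sections for `originHostHeader` and `privateLinkResourceId` read `- Required: Yes` although both are listed under **Optional parameters**. The conditional parameters are also inconsistent with each other: `privateLinkAlias` and `privateLinkLocation` are marked `Required: Yes`, while `priority` and `weight` are marked `Required: No`, the only visible difference being that the latter two had a default of `-1` in the removed table. Treat the Required flag by category instead of by presence of a default.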
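Review bot: In modules/cdn/profile/origingroup/README.md `origins` is listed under **Required parameters**, yet its new section reads `- Required: No` with `- Default: []`. Either the template should drop the empty-array default so the parameter is really required, or the parameter should move to the Optional table; as generated, the two places give the reader opposite answers.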
diff --git a/modules/cdn/profile/origingroup/origin/README.md b/modules/cdn/profile/origingroup/origin/README.md index 260e7846fb..fd6cf7110b 100644 --- a/modules/cdn/profile/origingroup/origin/README.md +++ b/modules/cdn/profile/origingroup/origin/README.md 
@@ -19,31 +19,119 @@ This module deploys a CDN Profile Origin. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `hostName` | string | The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. | -| `name` | string | The name of the origion. | -| `originGroupName` | string | The name of the group. | -| `profileName` | string | The name of the CDN profile. | +| [`hostName`](#parameter-hostname) | string | The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. | +| [`name`](#parameter-name) | string | The name of the origion. | +| [`originGroupName`](#parameter-origingroupname) | string | The name of the group. | +| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enabledState` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | -| `enforceCertificateNameCheck` | bool | `True` | | Whether to enable certificate name check at origin level. | -| `httpPort` | int | `80` | | The value of the HTTP port. Must be between 1 and 65535. | -| `httpsPort` | int | `443` | | The value of the HTTPS port. Must be between 1 and 65535. | -| `originHostHeader` | string | `''` | | The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. 
Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint. | -| `priority` | int | `1` | | Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5. | -| `sharedPrivateLinkResource` | object | `{object}` | | The properties of the private link resource for private origin. | -| `weight` | int | `1000` | | Weight of the origin in given origin group for load balancing. Must be between 1 and 1000. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enabledState`](#parameter-enabledstate) | string | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | +| [`enforceCertificateNameCheck`](#parameter-enforcecertificatenamecheck) | bool | Whether to enable certificate name check at origin level. | +| [`httpPort`](#parameter-httpport) | int | The value of the HTTP port. Must be between 1 and 65535. | +| [`httpsPort`](#parameter-httpsport) | int | The value of the HTTPS port. Must be between 1 and 65535. | +| [`originHostHeader`](#parameter-originhostheader) | string | The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint. | +| [`priority`](#parameter-priority) | int | Priority of origin in given origin group for load balancing. 
Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5. | +| [`sharedPrivateLinkResource`](#parameter-sharedprivatelinkresource) | object | The properties of the private link resource for private origin. | +| [`weight`](#parameter-weight) | int | Weight of the origin in given origin group for load balancing. Must be between 1 and 1000. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enabledState` + +Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `enforceCertificateNameCheck` + +Whether to enable certificate name check at origin level. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hostName` + +The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. +- Required: Yes +- Type: string + +### Parameter: `httpPort` + +The value of the HTTP port. Must be between 1 and 65535. +- Required: No +- Type: int +- Default: `80` + +### Parameter: `httpsPort` + +The value of the HTTPS port. Must be between 1 and 65535. +- Required: No +- Type: int +- Default: `443` + +### Parameter: `name` + +The name of the origion. +- Required: Yes +- Type: string + +### Parameter: `originGroupName` + +The name of the group. +- Required: Yes +- Type: string + +### Parameter: `originHostHeader` + +The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. 
Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `priority` + +Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `profileName` + +The name of the CDN profile. +- Required: Yes +- Type: string + +### Parameter: `sharedPrivateLinkResource` + +The properties of the private link resource for private origin. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `weight` + +Weight of the origin in given origin group for load balancing. Must be between 1 and 1000. +- Required: No +- Type: int +- Default: `1000` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the origin. | | `resourceGroupName` | string | The name of the resource group the origin was created in. | diff --git a/modules/cdn/profile/ruleset/README.md b/modules/cdn/profile/ruleset/README.md index de4783b188..e7dc4c15de 100644 --- a/modules/cdn/profile/ruleset/README.md +++ b/modules/cdn/profile/ruleset/README.md 
@@ -20,27 +20,53 @@ This module deploys a CDN Profile rule set. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the rule set. | -| `profileName` | string | The name of the CDN profile. | +| [`name`](#parameter-name) | string | The name of the rule set. | +| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | **Optinal parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `rules` | array | The rules to apply to the rule set. | +| [`rules`](#parameter-rules) | array | The rules to apply to the rule set. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the rule set. +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the CDN profile. +- Required: Yes +- Type: string + +### Parameter: `rules` + +The rules to apply to the rule set. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the rule set. | | `resourceGroupName` | string | The name of the resource group the custom domain was created in. | diff --git a/modules/cdn/profile/ruleset/rule/README.md b/modules/cdn/profile/ruleset/rule/README.md index 9fbaa502eb..53201f8cfb 100644 --- a/modules/cdn/profile/ruleset/rule/README.md 
+++ b/modules/cdn/profile/ruleset/rule/README.md 
@@ -19,26 +19,78 @@ This module deploys a CDN Profile rule. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `matchProcessingBehavior` | string | `[Continue, Stop]` | If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue. | -| `name` | string | | The name of the rule. | -| `order` | int | | The order in which this rule will be applied. Rules with a lower order are applied before rules with a higher order. | -| `profileName` | string | | The name of the profile. | -| `ruleSetName` | string | | The name of the rule set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`matchProcessingBehavior`](#parameter-matchprocessingbehavior) | string | If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue. | +| [`name`](#parameter-name) | string | The name of the rule. | +| [`order`](#parameter-order) | int | The order in which this rule will be applied. Rules with a lower order are applied before rules with a higher order. | +| [`profileName`](#parameter-profilename) | string | The name of the profile. | +| [`ruleSetName`](#parameter-rulesetname) | string | The name of the rule set. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | A list of actions that are executed when all the conditions of a rule are satisfied. | -| `conditions` | array | `[]` | A list of conditions that must be matched for the actions to be executed. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | A list of actions that are executed when all the conditions of a rule are satisfied. 
| +| [`conditions`](#parameter-conditions) | array | A list of conditions that must be matched for the actions to be executed. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `actions` + +A list of actions that are executed when all the conditions of a rule are satisfied. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `conditions` + +A list of conditions that must be matched for the actions to be executed. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `matchProcessingBehavior` + +If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue. +- Required: Yes +- Type: string +- Allowed: `[Continue, Stop]` + +### Parameter: `name` + +The name of the rule. +- Required: Yes +- Type: string + +### Parameter: `order` + +The order in which this rule will be applied. Rules with a lower order are applied before rules with a higher order. +- Required: Yes +- Type: int + +### Parameter: `profileName` + +The name of the profile. +- Required: Yes +- Type: string + +### Parameter: `ruleSetName` + +The name of the rule set. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the rule. | | `resourceGroupName` | string | The name of the resource group the custom domain was created in. | diff --git a/modules/cdn/profile/secret/README.md b/modules/cdn/profile/secret/README.md index 4f1a1f6161..9156b542e5 100644 --- a/modules/cdn/profile/secret/README.md +++ b/modules/cdn/profile/secret/README.md 
@@ -19,31 +19,86 @@ This module deploys a CDN Profile Secret. **Required parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `name` | string | | | The name of the secrect. | -| `type` | string | `'AzureFirstPartyManagedCertificate'` | `[AzureFirstPartyManagedCertificate, CustomerCertificate, ManagedCertificate, UrlSigningKey]` | The type of the secrect. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the secrect. | +| [`type`](#parameter-type) | string | The type of the secrect. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `profileName` | string | | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | -| `secretSourceResourceId` | string | `''` | The resource ID of the secrect source. Required if the type is CustomerCertificate. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | +| [`secretSourceResourceId`](#parameter-secretsourceresourceid) | string | The resource ID of the secrect source. Required if the type is CustomerCertificate. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `secretVersion` | string | `''` | The version of the secret. | -| `subjectAlternativeNames` | array | `[]` | The subject alternative names of the secrect. | -| `useLatestVersion` | bool | `False` | Indicates whether to use the latest version of the secrect. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`secretVersion`](#parameter-secretversion) | string | The version of the secret. | +| [`subjectAlternativeNames`](#parameter-subjectalternativenames) | array | The subject alternative names of the secrect. | +| [`useLatestVersion`](#parameter-uselatestversion) | bool | Indicates whether to use the latest version of the secrect. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the secrect. +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the parent CDN profile. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `secretSourceResourceId` + +The resource ID of the secrect source. Required if the type is CustomerCertificate. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `secretVersion` + +The version of the secret. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subjectAlternativeNames` + +The subject alternative names of the secrect. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `type` + +The type of the secrect. +- Required: No +- Type: string +- Default: `'AzureFirstPartyManagedCertificate'` +- Allowed: `[AzureFirstPartyManagedCertificate, CustomerCertificate, ManagedCertificate, UrlSigningKey]` + +### Parameter: `useLatestVersion` + +Indicates whether to use the latest version of the secrect. +- Required: No +- Type: bool +- Default: `False` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the secrect. | | `resourceGroupName` | string | The name of the resource group the secret was created in. | 
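Review bot: In the new per-parameter sections of `modules/cdn/profile/secret/README.md`, the `Required:` value contradicts the table each parameter is listed under. `type` sits in the **Required parameters** table, but its section says `- Required: No` with a default of `'AzureFirstPartyManagedCertificate'`. `profileName` is listed as conditional, yet its section says `- Required: Yes`, and `secretSourceResourceId` ("Required if the type is CustomerCertificate") says `- Required: No`. The flag appears to follow whether a default exists rather than the category the description declares; either derive it from the category or emit a distinct value for conditional parameters, so that the table and the detail section agree. The regenerated text also carries the `secrect` spelling into every new section; because the README is generated, correct it in the parameter descriptions of the template and regenerate.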
diff --git a/modules/cognitive-services/account/.test/common/main.test.bicep b/modules/cognitive-services/account/.test/common/main.test.bicep index 0802ae9df8..39d0bbbd26 100644 --- a/modules/cognitive-services/account/.test/common/main.test.bicep +++ b/modules/cognitive-services/account/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/cognitive-services/account/.test/min/main.test.bicep b/modules/cognitive-services/account/.test/min/main.test.bicep index 727b9a5a92..c24b67f868 100644 --- a/modules/cognitive-services/account/.test/min/main.test.bicep +++ b/modules/cognitive-services/account/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/cognitive-services/account/README.md b/modules/cognitive-services/account/README.md index 93f229c9e9..1d92f15fb0 100644 --- a/modules/cognitive-services/account/README.md +++ b/modules/cognitive-services/account/README.md @@ -4,14 +4,14 @@ This module deploys a Cognitive Service. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
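Review bot: The Navigation block in `modules/cognitive-services/account/README.md` now mixes two heading and anchor styles: the heading becomes `## Resource Types` (title case) while the added `Usage examples` entry and the existing `Cross-referenced modules` stay in sentence case, and the fragments keep mixed case (`#Resource-Types`, `#Usage-examples`) while the parameter links added later in the same file use lowercase fragments such as `#parameter-kind`. Pick one casing for headings and emit lowercase fragments throughout, so the navigation links do not depend on a renderer that matches anchors case-insensitively. The same applies to the identical Navigation change in `modules/compute/availability-set/README.md`.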
@@ -22,91 +22,30 @@ This module deploys a Cognitive Service. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `kind` | string | `[AnomalyDetector, Bing.Autosuggest.v7, Bing.CustomSearch, Bing.EntitySearch, Bing.Search.v7, Bing.SpellCheck.v7, CognitiveServices, ComputerVision, ContentModerator, CustomVision.Prediction, CustomVision.Training, Face, FormRecognizer, ImmersiveReader, Internal.AllInOne, LUIS, LUIS.Authoring, Personalizer, QnAMaker, SpeechServices, TextAnalytics, TextTranslation]` | Kind of the Cognitive Services. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. | -| `name` | string | | The name of Cognitive Services account. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Conditional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/cognitive-services.account:1.0.0`. -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. 
| -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | -| `customSubDomainName` | string | `''` | Subdomain name used for token-based authentication. Required if 'networkAcls' or 'privateEndpoints' are set. | -| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) +- [Speech](#example-4-speech) -**Optional parameters** +### Example 1: _Using large parameter set_ -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowedFqdnList` | array | `[]` | | List of allowed FQDN. | -| `apiProperties` | object | `{object}` | | The API properties for special APIs. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, latest is used. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Audit, RequestResponse]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
| -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableLocalAuth` | bool | `True` | | Allow only Azure AD authentication. Should be enabled for security reasons. | -| `dynamicThrottlingEnabled` | bool | `False` | | The flag to enable dynamic throttling. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `migrationToken` | string | `''` | | Resource migration token. | -| `networkAcls` | object | `{object}` | | A collection of rules governing the accessibility from specific network locations. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. | -| `restore` | bool | `False` | | Restore a soft-deleted cognitive service at deployment time. Will fail if no such soft-deleted resource exists. | -| `restrictOutboundNetworkAccess` | bool | `True` | | Restrict outbound network access. 
| -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'S0'` | `[C2, C3, C4, F0, F1, S, S0, S1, S10, S2, S3, S4, S5, S6, S7, S8, S9]` | SKU of the Cognitive Services resource. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userOwnedStorage` | array | `[]` | | The storage accounts for this resource. | - - -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `endpoint` | string | The service endpoint of the cognitive services account. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the cognitive services account. | -| `resourceGroupName` | string | The resource group the cognitive services account was deployed into. | -| `resourceId` | string | The resource ID of the cognitive services account. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
- -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module account './cognitive-services/account/main.bicep' = { +module account 'br:bicep/modules/cognitive-services.account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-csacom' params: { // Required parameters @@ -284,14 +223,14 @@ module account './cognitive-services/account/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module account './cognitive-services/account/main.bicep' = { +module account 'br:bicep/modules/cognitive-services.account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-csaencr' params: { // Required parameters @@ -365,14 +304,17 @@ module account './cognitive-services/account/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module account './cognitive-services/account/main.bicep' = { +module account 'br:bicep/modules/cognitive-services.account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-csamin' params: { // Required parameters @@ -414,14 +356,14 @@ module account './cognitive-services/account/main.bicep' = {

-

Example 4: Speech

+### Example 4: _Speech_
via Bicep module ```bicep -module account './cognitive-services/account/main.bicep' = { +module account 'br:bicep/modules/cognitive-services.account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-csaspeech' params: { // Required parameters @@ -530,6 +472,311 @@ module account './cognitive-services/account/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-kind) | string | Kind of the Cognitive Services. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. | +| [`name`](#parameter-name) | string | The name of Cognitive Services account. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | +| [`customSubDomainName`](#parameter-customsubdomainname) | string | Subdomain name used for token-based authentication. Required if 'networkAcls' or 'privateEndpoints' are set. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowedFqdnList`](#parameter-allowedfqdnlist) | array | List of allowed FQDN. | +| [`apiProperties`](#parameter-apiproperties) | object | The API properties for special APIs. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, latest is used. 
| +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Allow only Azure AD authentication. Should be enabled for security reasons. | +| [`dynamicThrottlingEnabled`](#parameter-dynamicthrottlingenabled) | bool | The flag to enable dynamic throttling. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`migrationToken`](#parameter-migrationtoken) | string | Resource migration token. 
| +| [`networkAcls`](#parameter-networkacls) | object | A collection of rules governing the accessibility from specific network locations. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. | +| [`restore`](#parameter-restore) | bool | Restore a soft-deleted cognitive service at deployment time. Will fail if no such soft-deleted resource exists. | +| [`restrictOutboundNetworkAccess`](#parameter-restrictoutboundnetworkaccess) | bool | Restrict outbound network access. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | SKU of the Cognitive Services resource. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userOwnedStorage`](#parameter-userownedstorage) | array | The storage accounts for this resource. | + +### Parameter: `allowedFqdnList` + +List of allowed FQDN. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `apiProperties` + +The API properties for special APIs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, latest is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `customSubDomainName` + +Subdomain name used for token-based authentication. Required if 'networkAcls' or 'privateEndpoints' are set. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
+- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Audit, RequestResponse]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +Allow only Azure AD authentication. Should be enabled for security reasons. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `dynamicThrottlingEnabled` + +The flag to enable dynamic throttling. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +Kind of the Cognitive Services. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. +- Required: Yes +- Type: string +- Allowed: `[AnomalyDetector, Bing.Autosuggest.v7, Bing.CustomSearch, Bing.EntitySearch, Bing.Search.v7, Bing.SpellCheck.v7, CognitiveServices, ComputerVision, ContentModerator, CustomVision.Prediction, CustomVision.Training, Face, FormRecognizer, ImmersiveReader, Internal.AllInOne, LUIS, LUIS.Authoring, Personalizer, QnAMaker, SpeechServices, TextAnalytics, TextTranslation]` + +### Parameter: `location` + +Location for all Resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `migrationToken` + +Resource migration token. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of Cognitive Services account. +- Required: Yes +- Type: string + +### Parameter: `networkAcls` + +A collection of rules governing the accessibility from specific network locations. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `restore` + +Restore a soft-deleted cognitive service at deployment time. Will fail if no such soft-deleted resource exists. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `restrictOutboundNetworkAccess` + +Restrict outbound network access. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +SKU of the Cognitive Services resource. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. +- Required: No +- Type: string +- Default: `'S0'` +- Allowed: `[C2, C3, C4, F0, F1, S, S0, S1, S10, S2, S3, S4, S5, S6, S7, S8, S9]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userOwnedStorage` + +The storage accounts for this resource. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `endpoint` | string | The service endpoint of the cognitive services account. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the cognitive services account. | +| `resourceGroupName` | string | The resource group the cognitive services account was deployed into. | +| `resourceId` | string | The resource ID of the cognitive services account. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
+ +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + ## Notes Not all combinations of parameters `kind` and `SKU` are valid and they may vary in different Azure Regions. Please use PowerShell cmdlet `Get-AzCognitiveServicesAccountSku` or another methods to determine valid values in your region. diff --git a/modules/cognitive-services/account/main.json b/modules/cognitive-services/account/main.json index bf739e9b56..cbee7b00f2 100644 --- a/modules/cognitive-services/account/main.json +++ b/modules/cognitive-services/account/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11205324681033433198" + "version": "0.22.6.54827", + "templateHash": "13442875800072342008" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service.", @@ -452,8 +452,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -652,8 +652,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -790,8 +790,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -1004,8 +1004,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8402203115964616978" + "version": "0.22.6.54827", + "templateHash": "2121072685211673304" } }, "parameters": { 
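Review bot: In `modules/cognitive-services/account/README.md`, the usage-example index lists `[Encr](#example-2-encr)` and `[Speech](#example-4-speech)`, and `### Example 2: _Encr_` and `### Example 4: _Speech_` have no description paragraph, because the lines shown add `metadata name` and `metadata description` only to the `common` and `min` test files. Add the two metadata lines to the `encr` and `speech` `main.test.bicep` files as well, so that all four examples get a readable title and a one-line description. Separately, the note that introduces `br:bicep/modules/cognitive-services.account:1.0.0` should state which registry or alias `bicep` stands for and where the `1.0.0` tag comes from, since every example in the README now hard-codes that reference in place of the local `./cognitive-services/account/main.bicep` path.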
diff --git a/modules/compute/availability-set/.test/common/main.test.bicep b/modules/compute/availability-set/.test/common/main.test.bicep index 6bece2dc2d..ae1d4d2684 100644 --- a/modules/compute/availability-set/.test/common/main.test.bicep +++ b/modules/compute/availability-set/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/availability-set/.test/min/main.test.bicep b/modules/compute/availability-set/.test/min/main.test.bicep index 440148ac96..9160e72cc4 100644 --- a/modules/compute/availability-set/.test/min/main.test.bicep +++ b/modules/compute/availability-set/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/availability-set/README.md b/modules/compute/availability-set/README.md index 795e47aef4..84aafa7e4b 100644 --- a/modules/compute/availability-set/README.md +++ b/modules/compute/availability-set/README.md @@ -4,13 +4,13 @@ This module deploys an Availability Set. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
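Review bot: the new navigation entries `[Resource Types](#Resource-Types)` and `[Usage examples](#Usage-examples)` keep mixed-case fragments, while the example and parameter links generated elsewhere in this README are lower case (`#example-1-using-large-parameter-set`, `#parameter-name`). GitHub generates heading ids in lower case, so the generator should emit the navigation fragments in lower case as well. Removing the `#Deployment-examples` entry also breaks any existing deep link to that section, which is worth a line in the change notes.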
@@ -18,57 +18,28 @@ This module deploys an Availability Set. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Compute/availabilitySets` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/availabilitySets) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the availability set that is being created. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Resource location. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `platformFaultDomainCount` | int | `2` | | The number of fault domains to use. | -| `platformUpdateDomainCount` | int | `5` | | The number of update domains to use. | -| `proximityPlacementGroupResourceId` | string | `''` | | Resource ID of a proximity placement group. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuName` | string | `'Aligned'` | | SKU of the availability set.

- Use 'Aligned' for virtual machines with managed disks.

- Use 'Classic' for virtual machines with unmanaged disks. | -| `tags` | object | `{object}` | | Tags of the availability set resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the availability set. | -| `resourceGroupName` | string | The resource group the availability set was deployed into. | -| `resourceId` | string | The resource ID of the availability set. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.availability-set:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module availabilitySet './compute/availability-set/main.bicep' = { +module availabilitySet 'br:bicep/modules/compute.availability-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cascom' params: { // Required parameters @@ -146,14 +117,17 @@ module availabilitySet './compute/availability-set/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module availabilitySet './compute/availability-set/main.bicep' = { +module availabilitySet 'br:bicep/modules/compute.availability-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-casmin' params: { // Required parameters @@ -190,3 +164,110 @@ module availabilitySet './compute/availability-set/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the availability set that is being created. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Resource location. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`platformFaultDomainCount`](#parameter-platformfaultdomaincount) | int | The number of fault domains to use. | +| [`platformUpdateDomainCount`](#parameter-platformupdatedomaincount) | int | The number of update domains to use. | +| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | SKU of the availability set.

- Use 'Aligned' for virtual machines with managed disks.

- Use 'Classic' for virtual machines with unmanaged disks. | +| [`tags`](#parameter-tags) | object | Tags of the availability set resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Resource location. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the availability set that is being created. +- Required: Yes +- Type: string + +### Parameter: `platformFaultDomainCount` + +The number of fault domains to use. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `platformUpdateDomainCount` + +The number of update domains to use. +- Required: No +- Type: int +- Default: `5` + +### Parameter: `proximityPlacementGroupResourceId` + +Resource ID of a proximity placement group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +SKU of the availability set.

- Use 'Aligned' for virtual machines with managed disks.

- Use 'Classic' for virtual machines with unmanaged disks. +- Required: No +- Type: string +- Default: `'Aligned'` + +### Parameter: `tags` + +Tags of the availability set resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the availability set. | +| `resourceGroupName` | string | The resource group the availability set was deployed into. | +| `resourceId` | string | The resource ID of the availability set. | + +## Cross-referenced modules + +_None_ diff --git a/modules/compute/availability-set/main.json b/modules/compute/availability-set/main.json index 0f7753fa37..19bcaa1b81 100644 --- a/modules/compute/availability-set/main.json +++ b/modules/compute/availability-set/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5171259001608994511" + "version": "0.22.6.54827", + "templateHash": "9507883477012630410" }, "name": "Availability Sets", "description": "This module deploys an Availability Set.", @@ -165,8 +165,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12543587259073888483" + "version": "0.22.6.54827", + "templateHash": "5622639352313082546" } }, "parameters": { diff --git a/modules/compute/disk-encryption-set/.test/common/main.test.bicep b/modules/compute/disk-encryption-set/.test/common/main.test.bicep index 5b54d45427..a6ad758a86 100644 --- a/modules/compute/disk-encryption-set/.test/common/main.test.bicep +++ b/modules/compute/disk-encryption-set/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // 
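Review bot: the `metadata name` and `metadata description` lines are added only to `.test/common/main.test.bicep` for this module, and the README generated further down shows the result: `### Example 1: _Accesspolicies_` falls back to the folder name and has no description, while Example 2 gets both. Going by its name, that example covers the Key Vault access policy path for the disk encryption set, so a reader gets no statement of what it demonstrates. Please add the two metadata lines to that test file as well, or have the generator warn when a test file lacks them.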
diff --git a/modules/compute/disk-encryption-set/README.md b/modules/compute/disk-encryption-set/README.md index beee32ad5d..c6bac4b9e8 100644 --- a/modules/compute/disk-encryption-set/README.md +++ b/modules/compute/disk-encryption-set/README.md @@ -4,13 +4,13 @@ This module deploys a Disk Encryption Set. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,73 +20,25 @@ This module deploys a Disk Encryption Set. | `Microsoft.KeyVault/vaults/accessPolicies` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/accessPolicies) | | `Microsoft.ManagedIdentity/userAssignedIdentities` | [2018-11-30](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2018-11-30/userAssignedIdentities) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `keyName` | string | Key URL (with version) pointing to a key or secret in KeyVault. | -| `keyVaultResourceId` | string | Resource ID of the KeyVault containing the key or secret. | -| `name` | string | The name of the disk encryption set that is being created. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `systemAssignedIdentity` | bool | `True` | Enables system assigned managed identity on the resource. Required if userAssignedIdentities is empty. | -| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. Required if systemAssignedIdentity is set to "false". | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `encryptionType` | string | `'EncryptionAtRestWithPlatformAndCustomerKeys'` | `[EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys]` | The type of key used to encrypt the data of the disk. For security reasons, it is recommended to set encryptionType to EncryptionAtRestWithPlatformAndCustomerKeys. | -| `federatedClientId` | string | `'None'` | | Multi-tenant application client ID to access key vault in a different tenant. Setting the value to "None" will clear the property. 
| -| `keyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `location` | string | `[resourceGroup().location]` | | Resource location. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `rotationToLatestKeyVersionEnabled` | bool | `False` | | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. | -| `tags` | object | `{object}` | | Tags of the disk encryption resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `identities` | object | The idenities of the disk encryption set. | -| `keyVaultName` | string | The name of the key vault with the disk encryption key. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the disk encryption set. | -| `principalId` | string | The principal ID of the disk encryption set. | -| `resourceGroupName` | string | The resource group the disk encryption set was deployed into. | -| `resourceId` | string | The resource ID of the disk encryption set. 
| +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.disk-encryption-set:1.0.0`. -## Cross-referenced modules +- [Accesspolicies](#example-1-accesspolicies) +- [Using large parameter set](#example-2-using-large-parameter-set) -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `key-vault/vault/access-policy` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Accesspolicies

+### Example 1: _Accesspolicies_
via Bicep module ```bicep -module diskEncryptionSet './compute/disk-encryption-set/main.bicep' = { +module diskEncryptionSet 'br:bicep/modules/compute.disk-encryption-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cdesap' params: { // Required parameters @@ -176,14 +128,17 @@ module diskEncryptionSet './compute/disk-encryption-set/main.bicep' = {

-

Example 2: Common

+### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +
via Bicep module ```bicep -module diskEncryptionSet './compute/disk-encryption-set/main.bicep' = { +module diskEncryptionSet 'br:bicep/modules/compute.disk-encryption-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cdescom' params: { // Required parameters @@ -276,3 +231,153 @@ module diskEncryptionSet './compute/disk-encryption-set/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-keyname) | string | Key URL (with version) pointing to a key or secret in KeyVault. | +| [`keyVaultResourceId`](#parameter-keyvaultresourceid) | string | Resource ID of the KeyVault containing the key or secret. | +| [`name`](#parameter-name) | string | The name of the disk encryption set that is being created. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. Required if userAssignedIdentities is empty. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if systemAssignedIdentity is set to "false". | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`encryptionType`](#parameter-encryptiontype) | string | The type of key used to encrypt the data of the disk. For security reasons, it is recommended to set encryptionType to EncryptionAtRestWithPlatformAndCustomerKeys. | +| [`federatedClientId`](#parameter-federatedclientid) | string | Multi-tenant application client ID to access key vault in a different tenant. Setting the value to "None" will clear the property. | +| [`keyVersion`](#parameter-keyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`location`](#parameter-location) | string | Resource location. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`rotationToLatestKeyVersionEnabled`](#parameter-rotationtolatestkeyversionenabled) | bool | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. | +| [`tags`](#parameter-tags) | object | Tags of the disk encryption resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `encryptionType` + +The type of key used to encrypt the data of the disk. For security reasons, it is recommended to set encryptionType to EncryptionAtRestWithPlatformAndCustomerKeys. +- Required: No +- Type: string +- Default: `'EncryptionAtRestWithPlatformAndCustomerKeys'` +- Allowed: `[EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys]` + +### Parameter: `federatedClientId` + +Multi-tenant application client ID to access key vault in a different tenant. Setting the value to "None" will clear the property. +- Required: No +- Type: string +- Default: `'None'` + +### Parameter: `keyName` + +Key URL (with version) pointing to a key or secret in KeyVault. +- Required: Yes +- Type: string + +### Parameter: `keyVaultResourceId` + +Resource ID of the KeyVault containing the key or secret. +- Required: Yes +- Type: string + +### Parameter: `keyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Resource location. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the disk encryption set that is being created. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `rotationToLatestKeyVersionEnabled` + +Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. Required if userAssignedIdentities is empty. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `tags` + +Tags of the disk encryption resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. Required if systemAssignedIdentity is set to "false". +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `identities` | object | The idenities of the disk encryption set. | +| `keyVaultName` | string | The name of the key vault with the disk encryption key. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the disk encryption set. 
| +| `principalId` | string | The principal ID of the disk encryption set. | +| `resourceGroupName` | string | The resource group the disk encryption set was deployed into. | +| `resourceId` | string | The resource ID of the disk encryption set. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/key-vault/vault/access-policy` | Local reference | diff --git a/modules/compute/disk-encryption-set/main.json b/modules/compute/disk-encryption-set/main.json index 64d9b15bb7..d695c7fa4b 100644 --- a/modules/compute/disk-encryption-set/main.json +++ b/modules/compute/disk-encryption-set/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18377917753202643188" + "version": "0.22.6.54827", + "templateHash": "2262193414925411787" }, "name": "Disk Encryption Sets", "description": "This module deploys a Disk Encryption Set.", @@ -210,8 +210,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1230112027833486150" + "version": "0.22.6.54827", + "templateHash": "17441180682016270247" } }, "parameters": { @@ -286,8 +286,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7222366309271203422" + "version": "0.22.6.54827", + "templateHash": "7398650593557443106" } }, "parameters": { @@ -358,8 +358,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10458348557666655329" + "version": "0.22.6.54827", + "templateHash": "2131300650084383528" }, "name": "Key Vault Access Policies", "description": "This module deploys a Key Vault Access Policy.", 
@@ -492,8 +492,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13165233376501361165" + "version": "0.22.6.54827", + "templateHash": "17225067072833999246" } }, "parameters": { diff --git a/modules/compute/disk/.test/common/main.test.bicep b/modules/compute/disk/.test/common/main.test.bicep index 7b06f5ded0..aa9864c7ed 100644 --- a/modules/compute/disk/.test/common/main.test.bicep +++ b/modules/compute/disk/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/disk/.test/min/main.test.bicep b/modules/compute/disk/.test/min/main.test.bicep index 15661b44b4..6a69bbe644 100644 --- a/modules/compute/disk/.test/min/main.test.bicep +++ b/modules/compute/disk/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/disk/README.md b/modules/compute/disk/README.md index 1c03c30837..1443faa26e 100644 --- a/modules/compute/disk/README.md +++ b/modules/compute/disk/README.md @@ -5,10 +5,10 @@ This module deploys a Compute Disk ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,80 +18,30 @@ This module deploys a Compute Disk | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Compute/disks` | [2022-07-02](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-07-02/disks) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | The name of the disk that is being created. | -| `sku` | string | `[Premium_LRS, Premium_ZRS, Premium_ZRS, PremiumV2_LRS, Standard_LRS, StandardSSD_LRS, UltraSSD_LRS]` | The disks sku name. Can be . | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -**Conditional parameters** +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `diskSizeGB` | int | `0` | The size of the disk to create. Required if create option is Empty. | -| `storageAccountId` | string | `''` | The resource ID of the storage account containing the blob to import as a disk. Required if create option is Import. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.disk:1.0.0`. -**Optional parameters** +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Image](#example-2-image) +- [Import](#example-3-import) +- [Using only defaults](#example-4-using-only-defaults) -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `acceleratedNetwork` | bool | `False` | | True if the image from which the OS disk is created supports accelerated networking. 
| -| `architecture` | string | `''` | `['', Arm64, x64]` | CPU architecture supported by an OS disk. | -| `burstingEnabled` | bool | `False` | | Set to true to enable bursting beyond the provisioned performance target of the disk. | -| `completionPercent` | int | `100` | | Percentage complete for the background copy when a resource is created via the CopyStart operation. | -| `createOption` | string | `'Empty'` | `[Attach, Copy, CopyStart, Empty, FromImage, Import, ImportSecure, Restore, Upload, UploadPreparedSecure]` | Sources of a disk creation. | -| `diskIOPSReadWrite` | int | `0` | | The number of IOPS allowed for this disk; only settable for UltraSSD disks. | -| `diskMBpsReadWrite` | int | `0` | | The bandwidth allowed for this disk; only settable for UltraSSD disks. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `hyperVGeneration` | string | `'V2'` | `[V1, V2]` | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | -| `imageReferenceId` | string | `''` | | A relative uri containing either a Platform Image Repository or user image reference. | -| `location` | string | `[resourceGroup().location]` | | Resource location. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `logicalSectorSize` | int | `4096` | | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. | -| `maxShares` | int | `1` | | The maximum number of VMs that can attach to the disk at the same time. Default value is 0. | -| `networkAccessPolicy` | string | `'DenyAll'` | `[AllowAll, AllowPrivate, DenyAll]` | Policy for accessing the disk via network. | -| `optimizedForFrequentAttach` | bool | `False` | | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. 
This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | -| `osType` | string | `''` | `['', Linux, Windows]` | Sources of a disk creation. | -| `publicNetworkAccess` | string | `'Disabled'` | `[Disabled, Enabled]` | Policy for controlling export on the disk. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `securityDataUri` | string | `''` | | If create option is ImportSecure, this is the URI of a blob to be imported into VM guest state. | -| `sourceResourceId` | string | `''` | | If create option is Copy, this is the ARM ID of the source snapshot or disk. | -| `sourceUri` | string | `''` | | If create option is Import, this is the URI of a blob to be imported into a managed disk. | -| `tags` | object | `{object}` | | Tags of the availability set resource. | -| `uploadSizeBytes` | int | `20972032` | | If create option is Upload, this is the size of the contents of the upload including the VHD footer. | +### Example 1: _Using large parameter set_ +This instance deploys the module with most of its features enabled. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the disk. | -| `resourceGroupName` | string | The resource group the disk was deployed into. | -| `resourceId` | string | The resource ID of the disk. 
| - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module disk './compute/disk/main.bicep' = { +module disk 'br:bicep/modules/compute.disk:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cdcom' params: { // Required parameters @@ -193,14 +143,14 @@ module disk './compute/disk/main.bicep' = {

-

Example 2: Image

+### Example 2: _Image_
via Bicep module ```bicep -module disk './compute/disk/main.bicep' = { +module disk 'br:bicep/modules/compute.disk:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cdimg' params: { // Required parameters @@ -282,14 +232,14 @@ module disk './compute/disk/main.bicep' = {

-

Example 3: Import

+### Example 3: _Import_
via Bicep module ```bicep -module disk './compute/disk/main.bicep' = { +module disk 'br:bicep/modules/compute.disk:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cdimp' params: { // Required parameters @@ -375,14 +325,17 @@ module disk './compute/disk/main.bicep' = {

-

Example 4: Min

+### Example 4: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module disk './compute/disk/main.bicep' = { +module disk 'br:bicep/modules/compute.disk:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cdmin' params: { // Required parameters @@ -427,3 +380,265 @@ module disk './compute/disk/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the disk that is being created. | +| [`sku`](#parameter-sku) | string | The disks sku name. Can be . | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diskSizeGB`](#parameter-disksizegb) | int | The size of the disk to create. Required if create option is Empty. | +| [`storageAccountId`](#parameter-storageaccountid) | string | The resource ID of the storage account containing the blob to import as a disk. Required if create option is Import. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`acceleratedNetwork`](#parameter-acceleratednetwork) | bool | True if the image from which the OS disk is created supports accelerated networking. | +| [`architecture`](#parameter-architecture) | string | CPU architecture supported by an OS disk. | +| [`burstingEnabled`](#parameter-burstingenabled) | bool | Set to true to enable bursting beyond the provisioned performance target of the disk. | +| [`completionPercent`](#parameter-completionpercent) | int | Percentage complete for the background copy when a resource is created via the CopyStart operation. | +| [`createOption`](#parameter-createoption) | string | Sources of a disk creation. | +| [`diskIOPSReadWrite`](#parameter-diskiopsreadwrite) | int | The number of IOPS allowed for this disk; only settable for UltraSSD disks. | +| [`diskMBpsReadWrite`](#parameter-diskmbpsreadwrite) | int | The bandwidth allowed for this disk; only settable for UltraSSD disks. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`hyperVGeneration`](#parameter-hypervgeneration) | string | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. 
| +| [`imageReferenceId`](#parameter-imagereferenceid) | string | A relative uri containing either a Platform Image Repository or user image reference. | +| [`location`](#parameter-location) | string | Resource location. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`logicalSectorSize`](#parameter-logicalsectorsize) | int | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. | +| [`maxShares`](#parameter-maxshares) | int | The maximum number of VMs that can attach to the disk at the same time. Default value is 0. | +| [`networkAccessPolicy`](#parameter-networkaccesspolicy) | string | Policy for accessing the disk via network. | +| [`optimizedForFrequentAttach`](#parameter-optimizedforfrequentattach) | bool | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | +| [`osType`](#parameter-ostype) | string | Sources of a disk creation. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Policy for controlling export on the disk. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`securityDataUri`](#parameter-securitydatauri) | string | If create option is ImportSecure, this is the URI of a blob to be imported into VM guest state. 
| +| [`sourceResourceId`](#parameter-sourceresourceid) | string | If create option is Copy, this is the ARM ID of the source snapshot or disk. | +| [`sourceUri`](#parameter-sourceuri) | string | If create option is Import, this is the URI of a blob to be imported into a managed disk. | +| [`tags`](#parameter-tags) | object | Tags of the availability set resource. | +| [`uploadSizeBytes`](#parameter-uploadsizebytes) | int | If create option is Upload, this is the size of the contents of the upload including the VHD footer. | + +### Parameter: `acceleratedNetwork` + +True if the image from which the OS disk is created supports accelerated networking. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `architecture` + +CPU architecture supported by an OS disk. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Arm64, x64]` + +### Parameter: `burstingEnabled` + +Set to true to enable bursting beyond the provisioned performance target of the disk. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `completionPercent` + +Percentage complete for the background copy when a resource is created via the CopyStart operation. +- Required: No +- Type: int +- Default: `100` + +### Parameter: `createOption` + +Sources of a disk creation. +- Required: No +- Type: string +- Default: `'Empty'` +- Allowed: `[Attach, Copy, CopyStart, Empty, FromImage, Import, ImportSecure, Restore, Upload, UploadPreparedSecure]` + +### Parameter: `diskIOPSReadWrite` + +The number of IOPS allowed for this disk; only settable for UltraSSD disks. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `diskMBpsReadWrite` + +The bandwidth allowed for this disk; only settable for UltraSSD disks. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `diskSizeGB` + +The size of the disk to create. Required if create option is Empty. 
+- Required: No +- Type: int +- Default: `0` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hyperVGeneration` + +The hypervisor generation of the Virtual Machine. Applicable to OS disks only. +- Required: No +- Type: string +- Default: `'V2'` +- Allowed: `[V1, V2]` + +### Parameter: `imageReferenceId` + +A relative uri containing either a Platform Image Repository or user image reference. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Resource location. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `logicalSectorSize` + +Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. +- Required: No +- Type: int +- Default: `4096` + +### Parameter: `maxShares` + +The maximum number of VMs that can attach to the disk at the same time. Default value is 0. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `name` + +The name of the disk that is being created. +- Required: Yes +- Type: string + +### Parameter: `networkAccessPolicy` + +Policy for accessing the disk via network. +- Required: No +- Type: string +- Default: `'DenyAll'` +- Allowed: `[AllowAll, AllowPrivate, DenyAll]` + +### Parameter: `optimizedForFrequentAttach` + +Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `osType` + +Sources of a disk creation. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Linux, Windows]` + +### Parameter: `publicNetworkAccess` + +Policy for controlling export on the disk. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `securityDataUri` + +If create option is ImportSecure, this is the URI of a blob to be imported into VM guest state. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sku` + +The disks sku name. Can be . +- Required: Yes +- Type: string +- Allowed: `[Premium_LRS, Premium_ZRS, Premium_ZRS, PremiumV2_LRS, Standard_LRS, StandardSSD_LRS, UltraSSD_LRS]` + +### Parameter: `sourceResourceId` + +If create option is Copy, this is the ARM ID of the source snapshot or disk. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourceUri` + +If create option is Import, this is the URI of a blob to be imported into a managed disk. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageAccountId` + +The resource ID of the storage account containing the blob to import as a disk. Required if create option is Import. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the availability set resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `uploadSizeBytes` + +If create option is Upload, this is the size of the contents of the upload including the VHD footer. 
+- Required: No +- Type: int +- Default: `20972032` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the disk. | +| `resourceGroupName` | string | The resource group the disk was deployed into. | +| `resourceId` | string | The resource ID of the disk. | + +## Cross-referenced modules + +_None_ diff --git a/modules/compute/disk/main.json b/modules/compute/disk/main.json index 39c388e7bf..84ea41a567 100644 --- a/modules/compute/disk/main.json +++ b/modules/compute/disk/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5862388830070369227" + "version": "0.22.6.54827", + "templateHash": "12764361220335313353" }, "name": "Compute Disks", "description": "This module deploys a Compute Disk", @@ -353,8 +353,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15033488944608271524" + "version": "0.22.6.54827", + "templateHash": "9743538331774034121" } }, "parameters": { diff --git a/modules/compute/gallery/.test/common/main.test.bicep b/modules/compute/gallery/.test/common/main.test.bicep index 7d1d8b24e4..661d7c9463 100644 --- a/modules/compute/gallery/.test/common/main.test.bicep +++ b/modules/compute/gallery/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/gallery/.test/min/main.test.bicep b/modules/compute/gallery/.test/min/main.test.bicep index df2b8e1bfb..363ba87906 100644 --- a/modules/compute/gallery/.test/min/main.test.bicep +++ b/modules/compute/gallery/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/gallery/README.md b/modules/compute/gallery/README.md index 361dfefa38..61b8789f43 100644 --- a/modules/compute/gallery/README.md +++ b/modules/compute/gallery/README.md @@ -5,10 +5,10 @@ This module deploys an Azure Compute Gallery (formerly known as Shared Image Gal ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
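Review bot: In `modules/compute/disk/README.md` (hunk `@@ -427,3 +380,265 @@`), the added `### Parameter: sku` section lists `Premium_ZRS` twice in its allowed values and its description stops at "Can be .". Since this ReadMe is generated, correct the allowed list and the description of `sku` in the module template and regenerate, rather than editing the ReadMe by hand. The same hunk documents `maxShares` as "Default value is 0" directly above `Default: 1`, and `logicalSectorSize` with "512 ad 4096". Both are worth fixing in the same pass, because the new layout repeats each description in the table and again in the per-parameter section.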
@@ -20,56 +20,28 @@ This module deploys an Azure Compute Gallery (formerly known as Shared Image Gal | `Microsoft.Compute/galleries/applications` | [2022-03-03](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-03-03/galleries/applications) | | `Microsoft.Compute/galleries/images` | [2022-03-03](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-03-03/galleries/images) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Compute Gallery. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `applications` | array | `[]` | | Applications to create. | -| `description` | string | `''` | | Description of the Azure Shared Image Gallery. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `images` | array | `[]` | | Images to create. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags for all resources. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. 
-## Outputs +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed image gallery. | -| `resourceGroupName` | string | The resource group of the deployed image gallery. | -| `resourceId` | string | The resource ID of the deployed image gallery. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.gallery:1.0.0`. -## Cross-referenced modules +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -_None_ +### Example 1: _Using large parameter set_ -## Deployment examples +This instance deploys the module with most of its features enabled. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module gallery './compute/gallery/main.bicep' = { +module gallery 'br:bicep/modules/compute.gallery:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cgcom' params: { // Required parameters @@ -401,14 +373,17 @@ module gallery './compute/gallery/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module gallery './compute/gallery/main.bicep' = { +module gallery 'br:bicep/modules/compute.gallery:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cgmin' params: { // Required parameters @@ -445,3 +420,102 @@ module gallery './compute/gallery/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Azure Compute Gallery. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applications`](#parameter-applications) | array | Applications to create. | +| [`description`](#parameter-description) | string | Description of the Azure Shared Image Gallery. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`images`](#parameter-images) | array | Images to create. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags for all resources. | + +### Parameter: `applications` + +Applications to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the Azure Shared Image Gallery. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `images` + +Images to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Azure Compute Gallery. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags for all resources. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed image gallery. | +| `resourceGroupName` | string | The resource group of the deployed image gallery. | +| `resourceId` | string | The resource ID of the deployed image gallery. | + +## Cross-referenced modules + +_None_ diff --git a/modules/compute/gallery/application/README.md b/modules/compute/gallery/application/README.md index ad83eb42dc..9f581840d4 100644 --- a/modules/compute/gallery/application/README.md +++ b/modules/compute/gallery/application/README.md @@ -4,13 +4,13 @@ This module deploys an Azure Compute Gallery Application. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
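Review bot: In `modules/compute/gallery/README.md` (hunk `@@ -20,56 +20,28 @@`), the added note "To reference the module, please use the following syntax `br:bicep/modules/compute.gallery:1.0.0`" and the rewritten examples never say what `bicep` in that reference resolves to, and nothing in the visible diff defines a registry host or alias for it. The examples previously pointed at a path inside the repository (`./compute/gallery/main.bicep`), and readers will copy the new form as written. State which registry the reference stands for, or mark it as a placeholder, and say whether `1.0.0` is an actual published tag, so that consumers can tell where the module they deploy comes from.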
@@ -21,36 +21,126 @@ This module deploys an Azure Compute Gallery Application. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the application definition. | +| [`name`](#parameter-name) | string | Name of the application definition. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `galleryName` | string | The name of the parent Azure Compute Gallery. Required if the template is used in a standalone deployment. | +| [`galleryName`](#parameter-galleryname) | string | The name of the parent Azure Compute Gallery. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `customActions` | array | `[]` | | A list of custom actions that can be performed with all of the Gallery Application Versions within this Gallery Application. | -| `description` | string | `''` | | The description of this gallery Application Definition resource. This property is updatable. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `endOfLifeDate` | string | `''` | | The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. | -| `eula` | string | `''` | | The Eula agreement for the gallery Application Definition. Has to be a valid URL. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `privacyStatementUri` | string | `''` | | The privacy statement uri. Has to be a valid URL. | -| `releaseNoteUri` | string | `''` | | The release note uri. Has to be a valid URL. 
| -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `supportedOSType` | string | `'Windows'` | `[Linux, Windows]` | This property allows you to specify the supported type of the OS that application is built for. | -| `tags` | object | `{object}` | | Tags for all resources. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`customActions`](#parameter-customactions) | array | A list of custom actions that can be performed with all of the Gallery Application Versions within this Gallery Application. | +| [`description`](#parameter-description) | string | The description of this gallery Application Definition resource. This property is updatable. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`endOfLifeDate`](#parameter-endoflifedate) | string | The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. | +| [`eula`](#parameter-eula) | string | The Eula agreement for the gallery Application Definition. Has to be a valid URL. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`privacyStatementUri`](#parameter-privacystatementuri) | string | The privacy statement uri. Has to be a valid URL. | +| [`releaseNoteUri`](#parameter-releasenoteuri) | string | The release note uri. Has to be a valid URL. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`supportedOSType`](#parameter-supportedostype) | string | This property allows you to specify the supported type of the OS that application is built for. | +| [`tags`](#parameter-tags) | object | Tags for all resources. | + +### Parameter: `customActions` + +A list of custom actions that can be performed with all of the Gallery Application Versions within this Gallery Application. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +The description of this gallery Application Definition resource. This property is updatable. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endOfLifeDate` + +The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `eula` + +The Eula agreement for the gallery Application Definition. Has to be a valid URL. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `galleryName` + +The name of the parent Azure Compute Gallery. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the application definition. +- Required: Yes +- Type: string + +### Parameter: `privacyStatementUri` + +The privacy statement uri. Has to be a valid URL. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `releaseNoteUri` + +The release note uri. Has to be a valid URL. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `supportedOSType` + +This property allows you to specify the supported type of the OS that application is built for. +- Required: No +- Type: string +- Default: `'Windows'` +- Allowed: `[Linux, Windows]` + +### Parameter: `tags` + +Tags for all resources. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the image. | diff --git a/modules/compute/gallery/application/main.json b/modules/compute/gallery/application/main.json index 723172da86..c845191f4c 100644 --- a/modules/compute/gallery/application/main.json +++ b/modules/compute/gallery/application/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "302763326863799273" + "version": "0.22.6.54827", + "templateHash": "16139720757397534180" }, "name": "Compute Galleries Applications", "description": "This module deploys an Azure Compute Gallery Application.", @@ -172,8 +172,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3891555929973685105" + "version": "0.22.6.54827", + "templateHash": "13281580182526787077" } }, "parameters": { diff --git a/modules/compute/gallery/image/README.md b/modules/compute/gallery/image/README.md index 51ccbb2e93..3ad27fb151 100644 --- a/modules/compute/gallery/image/README.md +++ b/modules/compute/gallery/image/README.md @@ -4,12 +4,12 @@ This module deploys an Azure Compute Gallery Image Definition. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
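Review bot: In `modules/compute/gallery/application/README.md` (hunk `@@ -21,36 +21,126 @@`), the added `### Parameter: galleryName` section says `Required: Yes`, but the parameter is listed under **Conditional parameters** and its description reads "Required if the template is used in a standalone deployment". The disk ReadMe in this same change renders its conditional parameters (`diskSizeGB`, `storageAccountId`) as `Required: No`, so the generated output treats conditional parameters inconsistently. Pick one rendering, or a distinct value for conditional parameters, and regenerate. The `endOfLifeDate` description in this hunk also refers to the "gallery Image Definition" although this is the application module.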
@@ -20,51 +20,251 @@ This module deploys an Azure Compute Gallery Image Definition. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the image definition. | +| [`name`](#parameter-name) | string | Name of the image definition. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `galleryName` | string | The name of the parent Azure Shared Image Gallery. Required if the template is used in a standalone deployment. | +| [`galleryName`](#parameter-galleryname) | string | The name of the parent Azure Shared Image Gallery. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | The description of this gallery Image Definition resource. This property is updatable. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `endOfLife` | string | `''` | | The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. | -| `eula` | string | `''` | | The Eula agreement for the gallery Image Definition. Has to be a valid URL. | -| `excludedDiskTypes` | array | `[]` | | List of the excluded disk types. E.g. Standard_LRS. | -| `hyperVGeneration` | string | `''` | `['', V1, V2]` | The hypervisor generation of the Virtual Machine.

- If this value is not specified, then it is determined by the securityType parameter.

- If the securityType parameter is specified, then the value of hyperVGeneration will be V2, else V1. | -| `isAcceleratedNetworkSupported` | string | `'false'` | `[false, true]` | The image supports accelerated networking.

Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance.

This high-performance path bypasses the host from the data path, which reduces latency, jitter, and CPU utilization for the most demanding network workloads on supported VM types. | -| `isHibernateSupported` | string | `'false'` | `[false, true]` | The image will support hibernation. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `maxRecommendedMemory` | int | `16` | | The maximum amount of RAM in GB recommended for this image. | -| `maxRecommendedvCPUs` | int | `4` | | The maximum number of the CPU cores recommended for this image. | -| `minRecommendedMemory` | int | `4` | | The minimum amount of RAM in GB recommended for this image. | -| `minRecommendedvCPUs` | int | `1` | | The minimum number of the CPU cores recommended for this image. | -| `offer` | string | `'WindowsServer'` | | The name of the gallery Image Definition offer. | -| `osState` | string | `'Generalized'` | `[Generalized, Specialized]` | This property allows the user to specify whether the virtual machines created under this image are 'Generalized' or 'Specialized'. | -| `osType` | string | `'Windows'` | `[Linux, Windows]` | OS type of the image to be created. | -| `planName` | string | `''` | | The plan ID. | -| `planPublisherName` | string | `''` | | The publisher ID. | -| `privacyStatementUri` | string | `''` | | The privacy statement uri. Has to be a valid URL. | -| `productName` | string | `''` | | The product ID. | -| `publisher` | string | `'MicrosoftWindowsServer'` | | The name of the gallery Image Definition publisher. | -| `releaseNoteUri` | string | `''` | | The release note uri. Has to be a valid URL. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `securityType` | string | `'Standard'` | `[ConfidentialVM, ConfidentialVMSupported, Standard, TrustedLaunch]` | The security type of the image. Requires a hyperVGeneration V2. | -| `sku` | string | `'2019-Datacenter'` | | The name of the gallery Image Definition SKU. | -| `tags` | object | `{object}` | | Tags for all resources. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description of this gallery Image Definition resource. This property is updatable. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`endOfLife`](#parameter-endoflife) | string | The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. | +| [`eula`](#parameter-eula) | string | The Eula agreement for the gallery Image Definition. Has to be a valid URL. | +| [`excludedDiskTypes`](#parameter-excludeddisktypes) | array | List of the excluded disk types. E.g. Standard_LRS. | +| [`hyperVGeneration`](#parameter-hypervgeneration) | string | The hypervisor generation of the Virtual Machine.

- If this value is not specified, then it is determined by the securityType parameter.

- If the securityType parameter is specified, then the value of hyperVGeneration will be V2, else V1. | +| [`isAcceleratedNetworkSupported`](#parameter-isacceleratednetworksupported) | string | The image supports accelerated networking.

Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance.

This high-performance path bypasses the host from the data path, which reduces latency, jitter, and CPU utilization for the most demanding network workloads on supported VM types. | +| [`isHibernateSupported`](#parameter-ishibernatesupported) | string | The image will support hibernation. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`maxRecommendedMemory`](#parameter-maxrecommendedmemory) | int | The maximum amount of RAM in GB recommended for this image. | +| [`maxRecommendedvCPUs`](#parameter-maxrecommendedvcpus) | int | The maximum number of the CPU cores recommended for this image. | +| [`minRecommendedMemory`](#parameter-minrecommendedmemory) | int | The minimum amount of RAM in GB recommended for this image. | +| [`minRecommendedvCPUs`](#parameter-minrecommendedvcpus) | int | The minimum number of the CPU cores recommended for this image. | +| [`offer`](#parameter-offer) | string | The name of the gallery Image Definition offer. | +| [`osState`](#parameter-osstate) | string | This property allows the user to specify whether the virtual machines created under this image are 'Generalized' or 'Specialized'. | +| [`osType`](#parameter-ostype) | string | OS type of the image to be created. | +| [`planName`](#parameter-planname) | string | The plan ID. | +| [`planPublisherName`](#parameter-planpublishername) | string | The publisher ID. | +| [`privacyStatementUri`](#parameter-privacystatementuri) | string | The privacy statement uri. Has to be a valid URL. | +| [`productName`](#parameter-productname) | string | The product ID. | +| [`publisher`](#parameter-publisher) | string | The name of the gallery Image Definition publisher. | +| [`releaseNoteUri`](#parameter-releasenoteuri) | string | The release note uri. Has to be a valid URL. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`securityType`](#parameter-securitytype) | string | The security type of the image. Requires a hyperVGeneration V2. | +| [`sku`](#parameter-sku) | string | The name of the gallery Image Definition SKU. | +| [`tags`](#parameter-tags) | object | Tags for all resources. | + +### Parameter: `description` + +The description of this gallery Image Definition resource. This property is updatable. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endOfLife` + +The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `eula` + +The Eula agreement for the gallery Image Definition. Has to be a valid URL. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `excludedDiskTypes` + +List of the excluded disk types. E.g. Standard_LRS. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `galleryName` + +The name of the parent Azure Shared Image Gallery. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `hyperVGeneration` + +The hypervisor generation of the Virtual Machine.

- If this value is not specified, then it is determined by the securityType parameter.

- If the securityType parameter is specified, then the value of hyperVGeneration will be V2, else V1. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', V1, V2]` + +### Parameter: `isAcceleratedNetworkSupported` + +The image supports accelerated networking.

Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance.

This high-performance path bypasses the host from the data path, which reduces latency, jitter, and CPU utilization for the most demanding network workloads on supported VM types. +- Required: No +- Type: string +- Default: `'false'` +- Allowed: `[false, true]` + +### Parameter: `isHibernateSupported` + +The image will support hibernation. +- Required: No +- Type: string +- Default: `'false'` +- Allowed: `[false, true]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `maxRecommendedMemory` + +The maximum amount of RAM in GB recommended for this image. +- Required: No +- Type: int +- Default: `16` + +### Parameter: `maxRecommendedvCPUs` + +The maximum number of the CPU cores recommended for this image. +- Required: No +- Type: int +- Default: `4` + +### Parameter: `minRecommendedMemory` + +The minimum amount of RAM in GB recommended for this image. +- Required: No +- Type: int +- Default: `4` + +### Parameter: `minRecommendedvCPUs` + +The minimum number of the CPU cores recommended for this image. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `name` + +Name of the image definition. +- Required: Yes +- Type: string + +### Parameter: `offer` + +The name of the gallery Image Definition offer. +- Required: No +- Type: string +- Default: `'WindowsServer'` + +### Parameter: `osState` + +This property allows the user to specify whether the virtual machines created under this image are 'Generalized' or 'Specialized'. +- Required: No +- Type: string +- Default: `'Generalized'` +- Allowed: `[Generalized, Specialized]` + +### Parameter: `osType` + +OS type of the image to be created. +- Required: No +- Type: string +- Default: `'Windows'` +- Allowed: `[Linux, Windows]` + +### Parameter: `planName` + +The plan ID. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `planPublisherName` + +The publisher ID. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `privacyStatementUri` + +The privacy statement uri. Has to be a valid URL. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `productName` + +The product ID. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `publisher` + +The name of the gallery Image Definition publisher. +- Required: No +- Type: string +- Default: `'MicrosoftWindowsServer'` + +### Parameter: `releaseNoteUri` + +The release note uri. Has to be a valid URL. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `securityType` + +The security type of the image. Requires a hyperVGeneration V2. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[ConfidentialVM, ConfidentialVMSupported, Standard, TrustedLaunch]` + +### Parameter: `sku` + +The name of the gallery Image Definition SKU. +- Required: No +- Type: string +- Default: `'2019-Datacenter'` + +### Parameter: `tags` + +Tags for all resources. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the image. | diff --git a/modules/compute/gallery/image/main.json b/modules/compute/gallery/image/main.json index 3cc4aa0a12..27cd77a9d9 100644 --- a/modules/compute/gallery/image/main.json +++ b/modules/compute/gallery/image/main.json 
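Review bot: In modules/compute/gallery/image/README.md, the new `### Parameter: galleryName` section states `Required: Yes` with no qualifier, while the table above it lists the parameter under **Conditional parameters** ("Required if the template is used in a standalone deployment"). Suggest the generator carry the condition into the detail section, or emit a distinct value for conditional parameters, so the two views of the same parameter agree. The detail sections are sorted alphabetically across all three categories, so the `Required` line is the only category cue a reader has after following a table link.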
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14112753208892308004" + "version": "0.22.6.54827", + "templateHash": "12756969313323460277" }, "name": "Compute Galleries Image Definitions", "description": "This module deploys an Azure Compute Gallery Image Definition.", @@ -333,8 +333,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5875220683176267757" + "version": "0.22.6.54827", + "templateHash": "11966293152836776526" } }, "parameters": { diff --git a/modules/compute/gallery/main.json b/modules/compute/gallery/main.json index 30cefa77b2..d1a6ae1c3b 100644 --- a/modules/compute/gallery/main.json +++ b/modules/compute/gallery/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9949380945514738513" + "version": "0.22.6.54827", + "templateHash": "18299186787302449822" }, "name": "Azure Compute Galleries", "description": "This module deploys an Azure Compute Gallery (formerly known as Shared Image Gallery).", @@ -158,8 +158,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4214079490664881100" + "version": "0.22.6.54827", + "templateHash": "14589885933064386870" } }, "parameters": { @@ -333,8 +333,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3432608104011360661" + "version": "0.22.6.54827", + "templateHash": "16139720757397534180" }, "name": "Compute Galleries Applications", "description": "This module deploys an Azure Compute Gallery Application.", @@ -501,8 +501,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1432477963725169802" + "version": "0.22.6.54827", + "templateHash": "13281580182526787077" } }, "parameters": { 
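Review bot: The committed `main.json` files had drifted apart before this regeneration, and nothing in the patch keeps that from recurring. In modules/compute/gallery/main.json the embedded child templates were stamped with bicep `0.21.1.54444`, while the standalone Compute Galleries Applications template and modules/compute/gallery/image/main.json were at `0.20.4.51522` with different `templateHash` values; after this change the embedded and standalone copies carry the same hash (for example `16139720757397534180`). Since these files are generated, consider a pipeline check that recompiles `main.bicep` and fails when the committed `main.json` differs, so a stale or hand-edited template cannot be merged unnoticed.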
@@ -726,8 +726,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11726406803846510228" + "version": "0.22.6.54827", + "templateHash": "12756969313323460277" }, "name": "Compute Galleries Image Definitions", "description": "This module deploys an Azure Compute Gallery Image Definition.", @@ -1055,8 +1055,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9996928759826468102" + "version": "0.22.6.54827", + "templateHash": "11966293152836776526" } }, "parameters": { diff --git a/modules/compute/image/.test/common/main.test.bicep b/modules/compute/image/.test/common/main.test.bicep index 05f4ac649e..64743cb96c 100644 --- a/modules/compute/image/.test/common/main.test.bicep +++ b/modules/compute/image/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/image/README.md b/modules/compute/image/README.md index bfe1ab68d0..2616327300 100644 --- a/modules/compute/image/README.md +++ b/modules/compute/image/README.md 
@@ -4,79 +4,40 @@ This module deploys a Compute Image. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Compute/images` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/images) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the image. | -| `osDiskBlobUri` | string | The Virtual Hard Disk. | -| `osType` | string | This property allows you to specify the type of the OS that is included in the disk if creating a VM from a custom image. - Windows or Linux. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.image:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `dataDisks` | array | `[]` | | Specifies the parameters that are used to add a data disk to a virtual machine. | -| `diskEncryptionSetResourceId` | string | `''` | | Specifies the customer managed disk encryption set resource ID for the managed image disk. 
| -| `diskSizeGB` | int | `128` | | Specifies the size of empty data disks in gigabytes. This element can be used to overwrite the name of the disk in a virtual machine image. This value cannot be larger than 1023 GB. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `extendedLocation` | object | `{object}` | | The extended location of the Image. | -| `hyperVGeneration` | string | `'V1'` | | Gets the HyperVGenerationType of the VirtualMachine created from the image. - V1 or V2. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `managedDiskResourceId` | string | `''` | | The managedDisk. | -| `osAccountType` | string | | | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. - Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS. | -| `osDiskCaching` | string | | | Specifies the caching requirements. Default: None for Standard storage. ReadOnly for Premium storage. - None, ReadOnly, ReadWrite. | -| `osState` | string | `'Generalized'` | `[Generalized, Specialized]` | The OS State. For managed images, use Generalized. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `snapshotResourceId` | string | `''` | | The snapshot resource ID. | -| `sourceVirtualMachineResourceId` | string | `''` | | The source virtual machine from which Image is created. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `zoneResilient` | bool | `False` | | Default is false. 
Specifies whether an image is zone resilient or not. Zone resilient images can be created only in regions that provide Zone Redundant Storage (ZRS). | +- [Using large parameter set](#example-1-using-large-parameter-set) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the image. | -| `resourceGroupName` | string | The resource group the image was deployed into. | -| `resourceId` | string | The resource ID of the image. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module image './compute/image/main.bicep' = { +module image 'br:bicep/modules/compute.image:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cicom' params: { // Required parameters @@ -181,3 +142,178 @@ module image './compute/image/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the image. | +| [`osDiskBlobUri`](#parameter-osdiskbloburi) | string | The Virtual Hard Disk. | +| [`osType`](#parameter-ostype) | string | This property allows you to specify the type of the OS that is included in the disk if creating a VM from a custom image. - Windows or Linux. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`dataDisks`](#parameter-datadisks) | array | Specifies the parameters that are used to add a data disk to a virtual machine. | +| [`diskEncryptionSetResourceId`](#parameter-diskencryptionsetresourceid) | string | Specifies the customer managed disk encryption set resource ID for the managed image disk. | +| [`diskSizeGB`](#parameter-disksizegb) | int | Specifies the size of empty data disks in gigabytes. This element can be used to overwrite the name of the disk in a virtual machine image. This value cannot be larger than 1023 GB. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`extendedLocation`](#parameter-extendedlocation) | object | The extended location of the Image. | +| [`hyperVGeneration`](#parameter-hypervgeneration) | string | Gets the HyperVGenerationType of the VirtualMachine created from the image. - V1 or V2. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`managedDiskResourceId`](#parameter-manageddiskresourceid) | string | The managedDisk. | +| [`osAccountType`](#parameter-osaccounttype) | string | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. - Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS. | +| [`osDiskCaching`](#parameter-osdiskcaching) | string | Specifies the caching requirements. 
Default: None for Standard storage. ReadOnly for Premium storage. - None, ReadOnly, ReadWrite. | +| [`osState`](#parameter-osstate) | string | The OS State. For managed images, use Generalized. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`snapshotResourceId`](#parameter-snapshotresourceid) | string | The snapshot resource ID. | +| [`sourceVirtualMachineResourceId`](#parameter-sourcevirtualmachineresourceid) | string | The source virtual machine from which Image is created. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`zoneResilient`](#parameter-zoneresilient) | bool | Default is false. Specifies whether an image is zone resilient or not. Zone resilient images can be created only in regions that provide Zone Redundant Storage (ZRS). | + +### Parameter: `dataDisks` + +Specifies the parameters that are used to add a data disk to a virtual machine. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diskEncryptionSetResourceId` + +Specifies the customer managed disk encryption set resource ID for the managed image disk. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diskSizeGB` + +Specifies the size of empty data disks in gigabytes. This element can be used to overwrite the name of the disk in a virtual machine image. This value cannot be larger than 1023 GB. +- Required: No +- Type: int +- Default: `128` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `extendedLocation` + +The extended location of the Image. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `hyperVGeneration` + +Gets the HyperVGenerationType of the VirtualMachine created from the image. - V1 or V2. +- Required: No +- Type: string +- Default: `'V1'` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `managedDiskResourceId` + +The managedDisk. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the image. +- Required: Yes +- Type: string + +### Parameter: `osAccountType` + +Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. - Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS. +- Required: Yes +- Type: string + +### Parameter: `osDiskBlobUri` + +The Virtual Hard Disk. +- Required: Yes +- Type: string + +### Parameter: `osDiskCaching` + +Specifies the caching requirements. Default: None for Standard storage. ReadOnly for Premium storage. - None, ReadOnly, ReadWrite. +- Required: Yes +- Type: string + +### Parameter: `osState` + +The OS State. For managed images, use Generalized. +- Required: No +- Type: string +- Default: `'Generalized'` +- Allowed: `[Generalized, Specialized]` + +### Parameter: `osType` + +This property allows you to specify the type of the OS that is included in the disk if creating a VM from a custom image. - Windows or Linux. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `snapshotResourceId` + +The snapshot resource ID. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourceVirtualMachineResourceId` + +The source virtual machine from which Image is created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneResilient` + +Default is false. Specifies whether an image is zone resilient or not. Zone resilient images can be created only in regions that provide Zone Redundant Storage (ZRS). +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the image. | +| `resourceGroupName` | string | The resource group the image was deployed into. | +| `resourceId` | string | The resource ID of the image. | + +## Cross-referenced modules + +_None_ diff --git a/modules/compute/image/main.json b/modules/compute/image/main.json index ae3a9cc984..4d5551e4a8 100644 --- a/modules/compute/image/main.json +++ b/modules/compute/image/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2820072627955480116" + "version": "0.22.6.54827", + "templateHash": "10714756522840080401" }, "name": "Images", "description": "This module deploys a Compute Image.", 
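Review bot: In modules/compute/image/README.md (hunk `@@ -4,79 +4,40 @@`), the added note tells readers to reference the module as `br:bicep/modules/compute.image:1.0.0`, and the example now uses that string in place of `./compute/image/main.bicep`, but the text does not say which registry `bicep` stands for or how `1.0.0` relates to a published version. If this is a placeholder, say so in the note; if it is meant to be copied, name the registry and keep the pinned version in step with what is actually published, since readers will paste it as-is.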
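Review bot: In the parameter sections added to modules/compute/image/README.md (hunk `@@ -181,3 +142,178 @@`), `osAccountType` and `osDiskCaching` are rendered with `Required: Yes` although both sit in the **Optional parameters** table; the removed table shows them with an empty Default Value column, so the generator appears to treat "no default" as "required". Suggest deriving the `Required` line from the same category that places the parameter in the table, and omitting the `Default` line for these two.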
@@ -221,8 +221,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18299600248178146819" + "version": "0.22.6.54827", + "templateHash": "17260715174516023943" } }, "parameters": { diff --git a/modules/compute/proximity-placement-group/.test/common/main.test.bicep b/modules/compute/proximity-placement-group/.test/common/main.test.bicep index 04e74c7088..38de4fd5d1 100644 --- a/modules/compute/proximity-placement-group/.test/common/main.test.bicep +++ b/modules/compute/proximity-placement-group/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/proximity-placement-group/.test/min/main.test.bicep b/modules/compute/proximity-placement-group/.test/min/main.test.bicep index 244fae144c..cb745a8bda 100644 --- a/modules/compute/proximity-placement-group/.test/min/main.test.bicep +++ b/modules/compute/proximity-placement-group/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/proximity-placement-group/README.md b/modules/compute/proximity-placement-group/README.md index 42bb92577b..69368d6058 100644 --- a/modules/compute/proximity-placement-group/README.md +++ b/modules/compute/proximity-placement-group/README.md 
@@ -4,13 +4,13 @@ This module deploys a Proximity Placement Group. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
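Review bot: The navigation entries added here use mixed-case fragments (`#Resource-Types`, `#Usage-examples`), while the other generated links in the same README are lower-case (`#example-1-using-large-parameter-set`, and `#parameter-...` in the other READMEs of this patch). Suggest the generator emit lower-case fragments throughout, so that every in-page link is built from the heading the same way.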
@@ -18,57 +18,28 @@ This module deploys a Proximity Placement Group. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Compute/proximityPlacementGroups` | [2022-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-08-01/proximityPlacementGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the proximity placement group that is being created. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `colocationStatus` | object | `{object}` | | Describes colocation status of the Proximity Placement Group. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `intent` | object | `{object}` | | Specifies the user intent of the proximity placement group. | -| `location` | string | `[resourceGroup().location]` | | Resource location. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the proximity placement group resource. | -| `type` | string | `'Standard'` | `[Standard, Ultra]` | Specifies the type of the proximity placement group. 
| -| `zones` | array | `[]` | | Specifies the Availability Zone where virtual machine, virtual machine scale set or availability set associated with the proximity placement group can be created. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the proximity placement group. | -| `resourceGroupName` | string | The resource group the proximity placement group was deployed into. | -| `resourceId` | string | The resourceId the proximity placement group. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.proximity-placement-group:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module proximityPlacementGroup './compute/proximity-placement-group/main.bicep' = { +module proximityPlacementGroup 'br:bicep/modules/compute.proximity-placement-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cppgcom' params: { // Required parameters @@ -182,14 +153,17 @@ module proximityPlacementGroup './compute/proximity-placement-group/main.bicep'

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module proximityPlacementGroup './compute/proximity-placement-group/main.bicep' = { +module proximityPlacementGroup 'br:bicep/modules/compute.proximity-placement-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cppgmin' params: { // Required parameters @@ -226,3 +200,111 @@ module proximityPlacementGroup './compute/proximity-placement-group/main.bicep'

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the proximity placement group that is being created. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`colocationStatus`](#parameter-colocationstatus) | object | Describes colocation status of the Proximity Placement Group. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`intent`](#parameter-intent) | object | Specifies the user intent of the proximity placement group. | +| [`location`](#parameter-location) | string | Resource location. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the proximity placement group resource. | +| [`type`](#parameter-type) | string | Specifies the type of the proximity placement group. | +| [`zones`](#parameter-zones) | array | Specifies the Availability Zone where virtual machine, virtual machine scale set or availability set associated with the proximity placement group can be created. | + +### Parameter: `colocationStatus` + +Describes colocation status of the Proximity Placement Group. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `intent` + +Specifies the user intent of the proximity placement group. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Resource location. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the proximity placement group that is being created. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the proximity placement group resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `type` + +Specifies the type of the proximity placement group. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Standard, Ultra]` + +### Parameter: `zones` + +Specifies the Availability Zone where virtual machine, virtual machine scale set or availability set associated with the proximity placement group can be created. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the proximity placement group. | +| `resourceGroupName` | string | The resource group the proximity placement group was deployed into. | +| `resourceId` | string | The resourceId the proximity placement group. 
| + +## Cross-referenced modules + +_None_ diff --git a/modules/compute/proximity-placement-group/main.json b/modules/compute/proximity-placement-group/main.json index c14b4643cf..515ff086af 100644 --- a/modules/compute/proximity-placement-group/main.json +++ b/modules/compute/proximity-placement-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12193143335374733252" + "version": "0.22.6.54827", + "templateHash": "6477295143375151288" }, "name": "Proximity Placement Groups", "description": "This module deploys a Proximity Placement Group.", @@ -167,8 +167,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9569185937867215918" + "version": "0.22.6.54827", + "templateHash": "843117559787773713" } }, "parameters": { diff --git a/modules/compute/ssh-public-key/.test/common/main.test.bicep b/modules/compute/ssh-public-key/.test/common/main.test.bicep index 0a61dd1d16..f20494fb87 100644 --- a/modules/compute/ssh-public-key/.test/common/main.test.bicep +++ b/modules/compute/ssh-public-key/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/ssh-public-key/.test/min/main.test.bicep b/modules/compute/ssh-public-key/.test/min/main.test.bicep index c115e84702..dfc7cdd0ec 100644 --- a/modules/compute/ssh-public-key/.test/min/main.test.bicep +++ b/modules/compute/ssh-public-key/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // 
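Review bot: In the proximity-placement-group README hunk `@@ -18,57 +18,28 @@`, the added note tells readers to "use the following syntax `br:bicep/modules/compute.proximity-placement-group:1.0.0`", and both examples swap the relative path `./compute/proximity-placement-group/main.bicep` for it, but nothing in the generated text says which registry `bicep` stands for or whether `1.0.0` is a published version. If the generator fills these in as placeholders, the note should say so explicitly (or the generator should emit the real registry and version), because a copy-pasted example will otherwise pull from whatever that reference resolves to in the reader's environment. The same wording is generated for the other module READMEs in this patch, so fixing it in the generator covers all of them.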
diff --git a/modules/compute/ssh-public-key/README.md b/modules/compute/ssh-public-key/README.md index ae6fc16917..d55794c19a 100644 --- a/modules/compute/ssh-public-key/README.md +++ b/modules/compute/ssh-public-key/README.md @@ -7,10 +7,10 @@ This module deploys a Public SSH Key. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -20,54 +20,28 @@ This module deploys a Public SSH Key. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Compute/sshPublicKeys` | [2022-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-08-01/sshPublicKeys) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the SSH public Key that is being created. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -**Optional parameters** +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Resource location. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicKey` | string | `''` | | SSH public key used to authenticate to a virtual machine through SSH. If this property is not initially provided when the resource is created, the publicKey property will be populated when generateKeyPair is called. If the public key is provided upon resource creation, the provided public key needs to be at least 2048-bit and in ssh-rsa format. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the availability set resource. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.ssh-public-key:1.0.0`. +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -## Outputs +### Example 1: _Using large parameter set_ -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Public SSH Key. | -| `resourceGroupName` | string | The name of the Resource Group the Public SSH Key was created in. | -| `resourceId` | string | The resource ID of the Public SSH Key. | - -## Cross-referenced modules - -_None_ +This instance deploys the module with most of its features enabled. -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module sshPublicKey './compute/ssh-public-key/main.bicep' = { +module sshPublicKey 'br:bicep/modules/compute.ssh-public-key:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cspkcom' params: { // Required parameters @@ -109,14 +83,17 @@ module sshPublicKey './compute/ssh-public-key/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module sshPublicKey './compute/ssh-public-key/main.bicep' = { +module sshPublicKey 'br:bicep/modules/compute.ssh-public-key:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cspkmin' params: { // Required parameters @@ -153,3 +130,86 @@ module sshPublicKey './compute/ssh-public-key/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the SSH public Key that is being created. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Resource location. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`publicKey`](#parameter-publickey) | string | SSH public key used to authenticate to a virtual machine through SSH. If this property is not initially provided when the resource is created, the publicKey property will be populated when generateKeyPair is called. If the public key is provided upon resource creation, the provided public key needs to be at least 2048-bit and in ssh-rsa format. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the availability set resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Resource location. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the SSH public Key that is being created. 
+- Required: Yes +- Type: string + +### Parameter: `publicKey` + +SSH public key used to authenticate to a virtual machine through SSH. If this property is not initially provided when the resource is created, the publicKey property will be populated when generateKeyPair is called. If the public key is provided upon resource creation, the provided public key needs to be at least 2048-bit and in ssh-rsa format. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the availability set resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Public SSH Key. | +| `resourceGroupName` | string | The name of the Resource Group the Public SSH Key was created in. | +| `resourceId` | string | The resource ID of the Public SSH Key. | + +## Cross-referenced modules + +_None_ diff --git a/modules/compute/ssh-public-key/main.json b/modules/compute/ssh-public-key/main.json index 8249f12974..b0179a9ba4 100644 --- a/modules/compute/ssh-public-key/main.json +++ b/modules/compute/ssh-public-key/main.json 
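Review bot: In the ssh-public-key README Parameters hunk (`@@ -153,3 +130,86 @@`), the `tags` parameter is described as "Tags of the availability set resource." in both the table row and the `### Parameter: tags` section, which reads like a copy-paste leftover from another module. Since the README is generated from the template, correct the description on the `tags` parameter in the module's template (for example "Tags of the SSH public key resource.") and regenerate, so that `main.json` and the README stay in sync.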
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15954994307790830722" + "version": "0.22.6.54827", + "templateHash": "10030504426335419860" }, "name": "Public SSH Keys", "description": "This module deploys a Public SSH Key.\r\n\r\n> Note: The resource does not auto-generate the key for you.", @@ -139,8 +139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6373247458133694880" + "version": "0.22.6.54827", + "templateHash": "12934875075357551454" } }, "parameters": { diff --git a/modules/compute/virtual-machine-scale-set/README.md b/modules/compute/virtual-machine-scale-set/README.md index 9c7583c1c4..7bd3a39ad8 100644 --- a/modules/compute/virtual-machine-scale-set/README.md +++ b/modules/compute/virtual-machine-scale-set/README.md @@ -4,14 +4,14 @@ This module deploys a Virtual Machine Scale Set. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -21,134 +21,28 @@ This module deploys a Virtual Machine Scale Set. | `Microsoft.Compute/virtualMachineScaleSets/extensions` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/virtualMachineScaleSets/extensions) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -### Resource dependency +## Usage examples -The following resources are required to be able to deploy this resource. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -- `Microsoft.Network/VirtualNetwork` +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `adminUsername` | securestring | | Administrator username. | -| `imageReference` | object | | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. | -| `name` | string | | Name of the VMSS. | -| `nicConfigurations` | array | | Configures NICs and PIPs. | -| `osDisk` | object | | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. | -| `osType` | string | `[Linux, Windows]` | The chosen OS type. | -| `skuName` | string | | The SKU size of the VMs. 
| - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalUnattendContent` | array | `[]` | | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. | -| `adminPassword` | securestring | `''` | | When specifying a Windows Virtual Machine, this value should be passed. | -| `automaticRepairsPolicyEnabled` | bool | `False` | | Specifies whether automatic repairs should be enabled on the virtual machine scale set. | -| `availabilityZones` | array | `[]` | | The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. | -| `bootDiagnosticStorageAccountName` | string | `''` | | Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided. | -| `bootDiagnosticStorageAccountUri` | string | `[format('.blob.{0}/', environment().suffixes.storage)]` | | Storage account boot diagnostic base URI. | -| `customData` | string | `''` | | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. | -| `dataDisks` | array | `[]` | | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableAutomaticRollback` | bool | `False` | | Whether OS image rollback feature should be disabled. | -| `disablePasswordAuthentication` | bool | `False` | | Specifies whether password authentication should be disabled. | -| `doNotRunExtensionsOnOverprovisionedVMs` | bool | `False` | | When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. | -| `enableAutomaticOSUpgrade` | bool | `False` | | Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. | -| `enableAutomaticUpdates` | bool | `True` | | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableEvictionPolicy` | bool | `False` | | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. | -| `encryptionAtHost` | bool | `True` | | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. 
For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets. | -| `extensionAntiMalwareConfig` | object | `{object}` | | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionAzureDiskEncryptionConfig` | object | `{object}` | | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. | -| `extensionCustomScriptConfig` | object | `{object}` | | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDependencyAgentConfig` | object | `{object}` | | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDomainJoinConfig` | object | `{object}` | | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDomainJoinPassword` | securestring | `''` | | Required if name is specified. Password of the user specified in user parameter. | -| `extensionDSCConfig` | object | `{object}` | | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionMonitoringAgentConfig` | object | `{object}` | | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionNetworkWatcherAgentConfig` | object | `{object}` | | The configuration for the [Network Watcher Agent] extension. 
Must at least contain the ["enabled": true] property to be executed. | -| `gracePeriod` | string | `'PT30M'` | | The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M). | -| `licenseType` | string | `''` | `['', Windows_Client, Windows_Server]` | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxBatchInstancePercent` | int | `20` | | The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. | -| `maxPriceForLowPriorityVm` | string | `''` | | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. | -| `maxUnhealthyInstancePercent` | int | `20` | | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. 
| -| `maxUnhealthyUpgradedInstancePercent` | int | `20` | | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. | -| `monitoringWorkspaceId` | string | `''` | | Resource ID of the monitoring log analytics workspace. | -| `overprovision` | bool | `False` | | Specifies whether the Virtual Machine Scale Set should be overprovisioned. | -| `pauseTimeBetweenBatches` | string | `'PT0S'` | | The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. | -| `plan` | object | `{object}` | | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. | -| `provisionVMAgent` | bool | `True` | | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | -| `proximityPlacementGroupResourceId` | string | `''` | | Resource ID of a proximity placement group. | -| `publicIpDiagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `publicKeys` | array | `[]` | | The list of SSH public keys used to authenticate with linux based VMs. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sasTokenValidityLength` | string | `'PT8H'` | | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | -| `scaleInPolicy` | object | `{object}` | | Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in. | -| `scaleSetFaultDomain` | int | `2` | | Fault Domain count for each placement group. | -| `scheduledEventsProfile` | object | `{object}` | | Specifies Scheduled Event related configurations. | -| `secrets` | array | `[]` | | Specifies set of certificates that should be installed onto the virtual machines in the scale set. | -| `secureBootEnabled` | bool | `False` | | Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | -| `securityType` | string | `''` | | Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings. | -| `singlePlacementGroup` | bool | `True` | | When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. | -| `skuCapacity` | int | `1` | | The initial instance count of scale set VMs. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. 
| -| `timeZone` | string | `''` | | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. | -| `ultraSSDEnabled` | bool | `False` | | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | -| `upgradePolicyMode` | string | `'Manual'` | `[Automatic, Manual, Rolling]` | Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `vmNamePrefix` | string | `'vmssvm'` | | Specifies the computer name prefix for all of the virtual machines in the scale set. | -| `vmPriority` | string | `'Regular'` | `[Low, Regular, Spot]` | Specifies the priority for the virtual machine. | -| `vTpmEnabled` | bool | `False` | | Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | -| `winRM` | object | `{object}` | | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. | -| `zoneBalance` | bool | `False` | | Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. 
| - -**Generated parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Do not provide a value! This date value is used to generate a registration token. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the virtual machine scale set. | -| `resourceGroupName` | string | The resource group of the virtual machine scale set. | -| `resourceId` | string | The resource ID of the virtual machine scale set. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.virtual-machine-scale-set:1.0.0`. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +- [Linux](#example-1-linux) +- [Linux.Min](#example-2-linuxmin) +- [Linux.Ssecmk](#example-3-linuxssecmk) +- [Windows](#example-4-windows) +- [Windows.Min](#example-5-windowsmin) -

Example 1: Linux

+### Example 1: _Linux_
via Bicep module ```bicep -module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = { +module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmsslin' params: { // Required parameters @@ -492,14 +386,14 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =

-

Example 2: Linux.Min

+### Example 2: _Linux.Min_
via Bicep module ```bicep -module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = { +module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmsslinmin' params: { // Required parameters @@ -629,14 +523,14 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =

-

Example 3: Linux.Ssecmk

+### Example 3: _Linux.Ssecmk_
via Bicep module ```bicep -module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = { +module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmsslcmk' params: { // Required parameters @@ -816,14 +710,14 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =

-

Example 4: Windows

+### Example 4: _Windows_
via Bicep module ```bicep -module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = { +module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmsswin' params: { // Required parameters @@ -1149,14 +1043,14 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =

-

Example 5: Windows.Min

+### Example 5: _Windows.Min_
via Bicep module ```bicep -module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = { +module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmsswinmin' params: { // Required parameters @@ -1273,6 +1167,638 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`adminUsername`](#parameter-adminusername) | securestring | Administrator username. | +| [`imageReference`](#parameter-imagereference) | object | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. | +| [`name`](#parameter-name) | string | Name of the VMSS. | +| [`nicConfigurations`](#parameter-nicconfigurations) | array | Configures NICs and PIPs. | +| [`osDisk`](#parameter-osdisk) | object | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. | +| [`osType`](#parameter-ostype) | string | The chosen OS type. | +| [`skuName`](#parameter-skuname) | string | The SKU size of the VMs. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalUnattendContent`](#parameter-additionalunattendcontent) | array | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. | +| [`adminPassword`](#parameter-adminpassword) | securestring | When specifying a Windows Virtual Machine, this value should be passed. | +| [`automaticRepairsPolicyEnabled`](#parameter-automaticrepairspolicyenabled) | bool | Specifies whether automatic repairs should be enabled on the virtual machine scale set. | +| [`availabilityZones`](#parameter-availabilityzones) | array | The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. 
| +| [`bootDiagnosticStorageAccountName`](#parameter-bootdiagnosticstorageaccountname) | string | Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided. | +| [`bootDiagnosticStorageAccountUri`](#parameter-bootdiagnosticstorageaccounturi) | string | Storage account boot diagnostic base URI. | +| [`customData`](#parameter-customdata) | string | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. | +| [`dataDisks`](#parameter-datadisks) | array | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableAutomaticRollback`](#parameter-disableautomaticrollback) | bool | Whether OS image rollback feature should be disabled. 
| +| [`disablePasswordAuthentication`](#parameter-disablepasswordauthentication) | bool | Specifies whether password authentication should be disabled. | +| [`doNotRunExtensionsOnOverprovisionedVMs`](#parameter-donotrunextensionsonoverprovisionedvms) | bool | When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. | +| [`enableAutomaticOSUpgrade`](#parameter-enableautomaticosupgrade) | bool | Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. | +| [`enableAutomaticUpdates`](#parameter-enableautomaticupdates) | bool | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableEvictionPolicy`](#parameter-enableevictionpolicy) | bool | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. | +| [`encryptionAtHost`](#parameter-encryptionathost) | bool | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets. 
| +| [`extensionAntiMalwareConfig`](#parameter-extensionantimalwareconfig) | object | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionAzureDiskEncryptionConfig`](#parameter-extensionazurediskencryptionconfig) | object | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. | +| [`extensionCustomScriptConfig`](#parameter-extensioncustomscriptconfig) | object | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionDependencyAgentConfig`](#parameter-extensiondependencyagentconfig) | object | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionDomainJoinConfig`](#parameter-extensiondomainjoinconfig) | object | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionDomainJoinPassword`](#parameter-extensiondomainjoinpassword) | securestring | Required if name is specified. Password of the user specified in user parameter. | +| [`extensionDSCConfig`](#parameter-extensiondscconfig) | object | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionMonitoringAgentConfig`](#parameter-extensionmonitoringagentconfig) | object | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. 
| +| [`extensionNetworkWatcherAgentConfig`](#parameter-extensionnetworkwatcheragentconfig) | object | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`gracePeriod`](#parameter-graceperiod) | string | The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M). | +| [`licenseType`](#parameter-licensetype) | string | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maxBatchInstancePercent`](#parameter-maxbatchinstancepercent) | int | The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. | +| [`maxPriceForLowPriorityVm`](#parameter-maxpriceforlowpriorityvm) | string | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. | +| [`maxUnhealthyInstancePercent`](#parameter-maxunhealthyinstancepercent) | int | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. 
| +| [`maxUnhealthyUpgradedInstancePercent`](#parameter-maxunhealthyupgradedinstancepercent) | int | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. | +| [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. | +| [`overprovision`](#parameter-overprovision) | bool | Specifies whether the Virtual Machine Scale Set should be overprovisioned. | +| [`pauseTimeBetweenBatches`](#parameter-pausetimebetweenbatches) | string | The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. | +| [`plan`](#parameter-plan) | object | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. | +| [`provisionVMAgent`](#parameter-provisionvmagent) | bool | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | +| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. | +| [`publicIpDiagnosticSettingsName`](#parameter-publicipdiagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. | +| [`publicKeys`](#parameter-publickeys) | array | The list of SSH public keys used to authenticate with linux based VMs. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sasTokenValidityLength`](#parameter-sastokenvaliditylength) | string | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | +| [`scaleInPolicy`](#parameter-scaleinpolicy) | object | Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in. | +| [`scaleSetFaultDomain`](#parameter-scalesetfaultdomain) | int | Fault Domain count for each placement group. | +| [`scheduledEventsProfile`](#parameter-scheduledeventsprofile) | object | Specifies Scheduled Event related configurations. | +| [`secrets`](#parameter-secrets) | array | Specifies set of certificates that should be installed onto the virtual machines in the scale set. | +| [`secureBootEnabled`](#parameter-securebootenabled) | bool | Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | +| [`securityType`](#parameter-securitytype) | string | Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings. | +| [`singlePlacementGroup`](#parameter-singleplacementgroup) | bool | When true this limits the scale set to a single placement group, of max size 100 virtual machines. 
NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. | +| [`skuCapacity`](#parameter-skucapacity) | int | The initial instance count of scale set VMs. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`timeZone`](#parameter-timezone) | string | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. | +| [`ultraSSDEnabled`](#parameter-ultrassdenabled) | bool | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | +| [`upgradePolicyMode`](#parameter-upgradepolicymode) | string | Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`vmNamePrefix`](#parameter-vmnameprefix) | string | Specifies the computer name prefix for all of the virtual machines in the scale set. | +| [`vmPriority`](#parameter-vmpriority) | string | Specifies the priority for the virtual machine. | +| [`vTpmEnabled`](#parameter-vtpmenabled) | bool | Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. 
SecurityType should be set to TrustedLaunch to enable UefiSettings. | +| [`winRM`](#parameter-winrm) | object | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. | +| [`zoneBalance`](#parameter-zonebalance) | bool | Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. | + +**Generated parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. | + +### Parameter: `additionalUnattendContent` + +Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `adminPassword` + +When specifying a Windows Virtual Machine, this value should be passed. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `adminUsername` + +Administrator username. +- Required: Yes +- Type: securestring + +### Parameter: `automaticRepairsPolicyEnabled` + +Specifies whether automatic repairs should be enabled on the virtual machine scale set. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `availabilityZones` + +The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `baseTime` + +Do not provide a value! This date value is used to generate a registration token. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `bootDiagnosticStorageAccountName` + +Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `bootDiagnosticStorageAccountUri` + +Storage account boot diagnostic base URI. +- Required: No +- Type: string +- Default: `[format('.blob.{0}/', environment().suffixes.storage)]` + +### Parameter: `customData` + +Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dataDisks` + +Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableAutomaticRollback` + +Whether OS image rollback feature should be disabled. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `disablePasswordAuthentication` + +Specifies whether password authentication should be disabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `doNotRunExtensionsOnOverprovisionedVMs` + +When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableAutomaticOSUpgrade` + +Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableAutomaticUpdates` + +Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableEvictionPolicy` + +Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `encryptionAtHost` + +This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. 
Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `extensionAntiMalwareConfig` + +The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionAzureDiskEncryptionConfig` + +The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionCustomScriptConfig` + +The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionDependencyAgentConfig` + +The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionDomainJoinConfig` + +The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionDomainJoinPassword` + +Required if name is specified. Password of the user specified in user parameter. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `extensionDSCConfig` + +The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionMonitoringAgentConfig` + +The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionNetworkWatcherAgentConfig` + +The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `gracePeriod` + +The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M). +- Required: No +- Type: string +- Default: `'PT30M'` + +### Parameter: `imageReference` + +OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. +- Required: Yes +- Type: object + +### Parameter: `licenseType` + +Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Windows_Client, Windows_Server]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maxBatchInstancePercent` + +The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. +- Required: No +- Type: int +- Default: `20` + +### Parameter: `maxPriceForLowPriorityVm` + +Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `maxUnhealthyInstancePercent` + +The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. +- Required: No +- Type: int +- Default: `20` + +### Parameter: `maxUnhealthyUpgradedInstancePercent` + +The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. +- Required: No +- Type: int +- Default: `20` + +### Parameter: `monitoringWorkspaceId` + +Resource ID of the monitoring log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +Name of the VMSS. +- Required: Yes +- Type: string + +### Parameter: `nicConfigurations` + +Configures NICs and PIPs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `osDisk` + +Specifies the OS disk. 
For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. +- Required: Yes +- Type: object + +### Parameter: `osType` + +The chosen OS type. +- Required: Yes +- Type: string +- Allowed: `[Linux, Windows]` + +### Parameter: `overprovision` + +Specifies whether the Virtual Machine Scale Set should be overprovisioned. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `pauseTimeBetweenBatches` + +The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. +- Required: No +- Type: string +- Default: `'PT0S'` + +### Parameter: `plan` + +Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `provisionVMAgent` + +Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `proximityPlacementGroupResourceId` + +Resource ID of a proximity placement group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `publicIpDiagnosticSettingsName` + +The name of the diagnostic setting, if deployed. +- Required: No +- Type: string +- Default: `[format('{0}-diagnosticSettings', parameters('name'))]` + +### Parameter: `publicKeys` + +The list of SSH public keys used to authenticate with linux based VMs. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sasTokenValidityLength` + +SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. +- Required: No +- Type: string +- Default: `'PT8H'` + +### Parameter: `scaleInPolicy` + +Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `scaleSetFaultDomain` + +Fault Domain count for each placement group. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `scheduledEventsProfile` + +Specifies Scheduled Event related configurations. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `secrets` + +Specifies set of certificates that should be installed onto the virtual machines in the scale set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `secureBootEnabled` + +Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `securityType` + +Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `singlePlacementGroup` + +When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `skuCapacity` + +The initial instance count of scale set VMs. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `skuName` + +The SKU size of the VMs. +- Required: Yes +- Type: string + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `timeZone` + +Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `ultraSSDEnabled` + +The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `upgradePolicyMode` + +Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling. 
+- Required: No +- Type: string +- Default: `'Manual'` +- Allowed: `[Automatic, Manual, Rolling]` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vmNamePrefix` + +Specifies the computer name prefix for all of the virtual machines in the scale set. +- Required: No +- Type: string +- Default: `'vmssvm'` + +### Parameter: `vmPriority` + +Specifies the priority for the virtual machine. +- Required: No +- Type: string +- Default: `'Regular'` +- Allowed: `[Low, Regular, Spot]` + +### Parameter: `vTpmEnabled` + +Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `winRM` + +Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneBalance` + +Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the virtual machine scale set. | +| `resourceGroupName` | string | The resource group of the virtual machine scale set. | +| `resourceId` | string | The resource ID of the virtual machine scale set. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `imageReference` diff --git a/modules/compute/virtual-machine-scale-set/extension/README.md b/modules/compute/virtual-machine-scale-set/extension/README.md index 52412ef886..462a5b3111 100644 
--- a/modules/compute/virtual-machine-scale-set/extension/README.md +++ b/modules/compute/virtual-machine-scale-set/extension/README.md 
@@ -19,35 +19,112 @@ This module deploys a Virtual Machine Scale Set Extension. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `autoUpgradeMinorVersion` | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | -| `enableAutomaticUpgrade` | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | -| `name` | string | The name of the virtual machine scale set extension. | -| `publisher` | string | The name of the extension handler publisher. | -| `type` | string | Specifies the type of the extension; an example is "CustomScriptExtension". | -| `typeHandlerVersion` | string | Specifies the version of the script handler. | +| [`autoUpgradeMinorVersion`](#parameter-autoupgrademinorversion) | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | +| [`enableAutomaticUpgrade`](#parameter-enableautomaticupgrade) | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | +| [`name`](#parameter-name) | string | The name of the virtual machine scale set extension. | +| [`publisher`](#parameter-publisher) | string | The name of the extension handler publisher. | +| [`type`](#parameter-type) | string | Specifies the type of the extension; an example is "CustomScriptExtension". | +| [`typeHandlerVersion`](#parameter-typehandlerversion) | string | Specifies the version of the script handler. 
| **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `virtualMachineScaleSetName` | string | The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment. | +| [`virtualMachineScaleSetName`](#parameter-virtualmachinescalesetname) | string | The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `forceUpdateTag` | string | `''` | How the extension handler should be forced to update even if the extension configuration has not changed. | -| `protectedSettings` | secureObject | `{object}` | Any object that contains the extension specific protected settings. | -| `settings` | object | `{object}` | Any object that contains the extension specific settings. | -| `supressFailures` | bool | `False` | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`forceUpdateTag`](#parameter-forceupdatetag) | string | How the extension handler should be forced to update even if the extension configuration has not changed. | +| [`protectedSettings`](#parameter-protectedsettings) | secureObject | Any object that contains the extension specific protected settings. | +| [`settings`](#parameter-settings) | object | Any object that contains the extension specific settings. 
| +| [`supressFailures`](#parameter-supressfailures) | bool | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | + +### Parameter: `autoUpgradeMinorVersion` + +Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. +- Required: Yes +- Type: bool + +### Parameter: `enableAutomaticUpgrade` + +Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. +- Required: Yes +- Type: bool + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `forceUpdateTag` + +How the extension handler should be forced to update even if the extension configuration has not changed. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the virtual machine scale set extension. +- Required: Yes +- Type: string + +### Parameter: `protectedSettings` + +Any object that contains the extension specific protected settings. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `publisher` + +The name of the extension handler publisher. +- Required: Yes +- Type: string + +### Parameter: `settings` + +Any object that contains the extension specific settings. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `supressFailures` + +Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `type` + +Specifies the type of the extension; an example is "CustomScriptExtension". +- Required: Yes +- Type: string + +### Parameter: `typeHandlerVersion` + +Specifies the version of the script handler. +- Required: Yes +- Type: string + +### Parameter: `virtualMachineScaleSetName` + +The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the extension. | | `resourceGroupName` | string | The name of the Resource Group the extension was created in. | diff --git a/modules/compute/virtual-machine-scale-set/extension/main.json b/modules/compute/virtual-machine-scale-set/extension/main.json index 14783762a8..d63e240501 100644 --- a/modules/compute/virtual-machine-scale-set/extension/main.json +++ b/modules/compute/virtual-machine-scale-set/extension/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3045861199823874082" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", diff --git a/modules/compute/virtual-machine-scale-set/main.json b/modules/compute/virtual-machine-scale-set/main.json index 974fbd8b00..59b04e2594 100644 --- a/modules/compute/virtual-machine-scale-set/main.json +++ b/modules/compute/virtual-machine-scale-set/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12564504054150617860" + "version": "0.22.6.54827", + "templateHash": "1180320046795963031" }, "name": "Virtual Machine Scale Sets", "description": "This module deploys a Virtual Machine Scale Set.", @@ -842,8 +842,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1028,8 +1028,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1219,8 +1219,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1400,8 +1400,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1581,8 +1581,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", 
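Review bot: The description under `### Parameter: maxUnhealthyUpgradedInstancePercent` in modules/compute/virtual-machine-scale-set/README.md is a verbatim copy of the one under `maxUnhealthyInstancePercent` ("The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy ..."), so the two limits cannot be told apart from the ReadMe. Because this file is generated from the template, the parameter description should be corrected in the module template and the ReadMe regenerated. The `upgradePolicyMode` description in the same hunk has the same kind of source problem: a stray quote ("in the scale set.' Manual - ...") and a trailing "- Automatic, Manual, Rolling." that repeats the `Allowed` line.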
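Review bot: `virtualMachineScaleSetName` is documented inconsistently in modules/compute/virtual-machine-scale-set/extension/README.md: the table lists it under **Conditional parameters** with "Required if the template is used in a standalone deployment", while its new `### Parameter:` section states `- Required: Yes` without the condition. The generator should emit a distinct value for conditional parameters (or repeat the condition next to the `Required` line), otherwise the per-parameter section contradicts the table it is linked from.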
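Review bot: Pin the Bicep version used to build the committed main.json files and verify it in CI, because the old `_generator` values in these hunks show the compiled templates had drifted apart: extension/main.json was built with 0.20.4.51522 and hash 3045861199823874082, while the copies of the same extension template nested in virtual-machine-scale-set/main.json were built with 0.21.1.54444 and hash 7816202249753353774. After this change they agree (0.22.6.54827, 5906561479759498703), but nothing visible here keeps them in step. A check that rebuilds each template and compares `templateHash` with the committed file would also keep compiler bumps out of documentation changes like this one.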
@@ -1766,8 +1766,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1957,8 +1957,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -2143,8 +2143,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -2326,8 +2326,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18352328702844325130" + "version": "0.22.6.54827", + "templateHash": "2683570948982482973" } }, "parameters": { diff --git a/modules/compute/virtual-machine/README.md b/modules/compute/virtual-machine/README.md index 0a3195f2ef..f833ed5a15 100644 --- a/modules/compute/virtual-machine/README.md +++ b/modules/compute/virtual-machine/README.md @@ -5,10 +5,10 @@ This module deploys a Virtual Machine with one or multiple NICs and optionally o ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
@@ -25,132 +25,30 @@ This module deploys a Virtual Machine with one or multiple NICs and optionally o | `Microsoft.Network/publicIPAddresses` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/publicIPAddresses) | | `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems` | [2023-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2023-01-01/vaults/backupFabrics/protectionContainers/protectedItems) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `adminUsername` | securestring | | | Administrator username. | -| `configurationProfile` | string | `''` | `['', /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest, /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction]` | The configuration profile of automanage. | -| `imageReference` | object | | | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. | -| `nicConfigurations` | array | | | Configures NICs and PIPs. | -| `osDisk` | object | | | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. | -| `osType` | string | | `[Linux, Windows]` | The chosen OS type. | -| `vmSize` | string | | | Specifies the size for the VMs. 
| - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalUnattendContent` | array | `[]` | | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. | -| `adminPassword` | securestring | `''` | | When specifying a Windows Virtual Machine, this value should be passed. | -| `allowExtensionOperations` | bool | `True` | | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. | -| `availabilitySetResourceId` | string | `''` | | Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set. | -| `availabilityZone` | int | `0` | `[0, 1, 2, 3]` | If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set. | -| `backupPolicyName` | string | `'DefaultPolicy'` | | Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault. | -| `backupVaultName` | string | `''` | | Recovery service vault name to add VMs to backup. | -| `backupVaultResourceGroup` | string | `[resourceGroup().name]` | | Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default. | -| `bootDiagnostics` | bool | `False` | | Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled. 
| -| `bootDiagnosticStorageAccountName` | string | `''` | | Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided. | -| `bootDiagnosticStorageAccountUri` | string | `[format('.blob.{0}/', environment().suffixes.storage)]` | | Storage account boot diagnostic base URI. | -| `certificatesToBeInstalled` | array | `[]` | | Specifies set of certificates that should be installed onto the virtual machine. | -| `computerName` | string | `[parameters('name')]` | | Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name. | -| `customData` | string | `''` | | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. | -| `dataDisks` | array | `[]` | | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. | -| `dedicatedHostId` | string | `''` | | Specifies resource ID about the dedicated host that the virtual machine resides in. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. 
| -| `disablePasswordAuthentication` | bool | `False` | | Specifies whether password authentication should be disabled. | -| `enableAutomaticUpdates` | bool | `True` | | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableEvictionPolicy` | bool | `False` | | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. | -| `encryptionAtHost` | bool | `True` | | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. | -| `extensionAadJoinConfig` | object | `{object}` | | The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionAntiMalwareConfig` | object | `{object}` | | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionAzureDiskEncryptionConfig` | object | `{object}` | | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. 
| -| `extensionCustomScriptConfig` | object | `{object}` | | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionCustomScriptProtectedSetting` | secureObject | `{object}` | | Any object that contains the extension specific protected settings. | -| `extensionDependencyAgentConfig` | object | `{object}` | | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDomainJoinConfig` | object | `{object}` | | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDomainJoinPassword` | securestring | `''` | | Required if name is specified. Password of the user specified in user parameter. | -| `extensionDSCConfig` | object | `{object}` | | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionMonitoringAgentConfig` | object | `{object}` | | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionNetworkWatcherAgentConfig` | object | `{object}` | | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. | -| `licenseType` | string | `''` | `['', Windows_Client, Windows_Server]` | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxPriceForLowPriorityVm` | string | `''` | | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. 
| -| `monitoringWorkspaceId` | string | `''` | | Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true. | -| `name` | string | `[take(toLower(uniqueString(resourceGroup().name)), 10)]` | | The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. | -| `nicdiagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `nicDiagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the NIC diagnostic setting, if deployed. | -| `patchAssessmentMode` | string | `'ImageDefault'` | `[AutomaticByPlatform, ImageDefault]` | VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours. | -| `patchMode` | string | `''` | `['', AutomaticByOS, AutomaticByPlatform, ImageDefault, Manual]` | VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'. | -| `pipdiagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `pipdiagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `pipDiagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the PIP diagnostic setting, if deployed. 
| -| `plan` | object | `{object}` | | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. | -| `priority` | string | `'Regular'` | `[Low, Regular, Spot]` | Specifies the priority for the virtual machine. | -| `provisionVMAgent` | bool | `True` | | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | -| `proximityPlacementGroupResourceId` | string | `''` | | Resource ID of a proximity placement group. | -| `publicKeys` | array | `[]` | | The list of SSH public keys used to authenticate with linux based VMs. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sasTokenValidityLength` | string | `'PT8H'` | | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | -| `secureBootEnabled` | bool | `False` | | Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | -| `securityType` | string | `''` | | Specifies the SecurityType of the virtual machine. 
It is set as TrustedLaunch to enable UefiSettings. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True". | -| `tags` | object | `{object}` | | Tags of the resource. | -| `timeZone` | string | `''` | | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. | -| `ultraSSDEnabled` | bool | `False` | | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `vTpmEnabled` | bool | `False` | | Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | -| `winRM` | object | `{object}` | | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. | - -**Generated parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Do not provide a value! This date value is used to generate a registration token. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the VM. | -| `resourceGroupName` | string | The name of the resource group the VM was created in. | -| `resourceId` | string | The resource ID of the VM. 
| -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/network-interface` | Local reference | -| `network/public-ip-address` | Local reference | -| `recovery-services/vault/backup-fabric/protection-container/protected-item` | Local reference | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Deployment examples +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.virtual-machine:1.0.0`. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +- [Linux](#example-1-linux) +- [Linux.Atmg](#example-2-linuxatmg) +- [Linux.Min](#example-3-linuxmin) +- [Windows](#example-4-windows) +- [Windows.Atmg](#example-5-windowsatmg) +- [Windows.Min](#example-6-windowsmin) +- [Windows.Ssecmk](#example-7-windowsssecmk) -

Example 1: Linux

+### Example 1: _Linux_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmlincom' params: { // Required parameters @@ -662,14 +560,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

-

Example 2: Linux.Atmg

+### Example 2: _Linux.Atmg_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmlinatmg' params: { // Required parameters @@ -845,14 +743,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

-

Example 3: Linux.Min

+### Example 3: _Linux.Min_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmlinmin' params: { // Required parameters @@ -982,14 +880,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

-

Example 4: Windows

+### Example 4: _Windows_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmwincom' params: { // Required parameters @@ -1539,14 +1437,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

-

Example 5: Windows.Atmg

+### Example 5: _Windows.Atmg_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmwinatmg' params: { // Required parameters @@ -1672,14 +1570,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

-

Example 6: Windows.Min

+### Example 6: _Windows.Min_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmwinmin' params: { // Required parameters @@ -1789,14 +1687,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

-

Example 7: Windows.Ssecmk

+### Example 7: _Windows.Ssecmk_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmwincmk' params: { // Required parameters @@ -1949,6 +1847,633 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`adminUsername`](#parameter-adminusername) | securestring | Administrator username. | +| [`configurationProfile`](#parameter-configurationprofile) | string | The configuration profile of automanage. | +| [`imageReference`](#parameter-imagereference) | object | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. | +| [`nicConfigurations`](#parameter-nicconfigurations) | array | Configures NICs and PIPs. | +| [`osDisk`](#parameter-osdisk) | object | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. | +| [`osType`](#parameter-ostype) | string | The chosen OS type. | +| [`vmSize`](#parameter-vmsize) | string | Specifies the size for the VMs. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalUnattendContent`](#parameter-additionalunattendcontent) | array | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. | +| [`adminPassword`](#parameter-adminpassword) | securestring | When specifying a Windows Virtual Machine, this value should be passed. | +| [`allowExtensionOperations`](#parameter-allowextensionoperations) | bool | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. | +| [`availabilitySetResourceId`](#parameter-availabilitysetresourceid) | string | Resource ID of an availability set. 
Cannot be used in combination with availability zone nor scale set. | +| [`availabilityZone`](#parameter-availabilityzone) | int | If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set. | +| [`backupPolicyName`](#parameter-backuppolicyname) | string | Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault. | +| [`backupVaultName`](#parameter-backupvaultname) | string | Recovery service vault name to add VMs to backup. | +| [`backupVaultResourceGroup`](#parameter-backupvaultresourcegroup) | string | Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default. | +| [`bootDiagnostics`](#parameter-bootdiagnostics) | bool | Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled. | +| [`bootDiagnosticStorageAccountName`](#parameter-bootdiagnosticstorageaccountname) | string | Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided. | +| [`bootDiagnosticStorageAccountUri`](#parameter-bootdiagnosticstorageaccounturi) | string | Storage account boot diagnostic base URI. | +| [`certificatesToBeInstalled`](#parameter-certificatestobeinstalled) | array | Specifies set of certificates that should be installed onto the virtual machine. | +| [`computerName`](#parameter-computername) | string | Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name. 
| +| [`customData`](#parameter-customdata) | string | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. | +| [`dataDisks`](#parameter-datadisks) | array | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. | +| [`dedicatedHostId`](#parameter-dedicatedhostid) | string | Specifies resource ID about the dedicated host that the virtual machine resides in. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disablePasswordAuthentication`](#parameter-disablepasswordauthentication) | bool | Specifies whether password authentication should be disabled. | +| [`enableAutomaticUpdates`](#parameter-enableautomaticupdates) | bool | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableEvictionPolicy`](#parameter-enableevictionpolicy) | bool | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. | +| [`encryptionAtHost`](#parameter-encryptionathost) | bool | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. | +| [`extensionAadJoinConfig`](#parameter-extensionaadjoinconfig) | object | The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionAntiMalwareConfig`](#parameter-extensionantimalwareconfig) | object | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionAzureDiskEncryptionConfig`](#parameter-extensionazurediskencryptionconfig) | object | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. | +| [`extensionCustomScriptConfig`](#parameter-extensioncustomscriptconfig) | object | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionCustomScriptProtectedSetting`](#parameter-extensioncustomscriptprotectedsetting) | secureObject | Any object that contains the extension specific protected settings. 
| +| [`extensionDependencyAgentConfig`](#parameter-extensiondependencyagentconfig) | object | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionDomainJoinConfig`](#parameter-extensiondomainjoinconfig) | object | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionDomainJoinPassword`](#parameter-extensiondomainjoinpassword) | securestring | Required if name is specified. Password of the user specified in user parameter. | +| [`extensionDSCConfig`](#parameter-extensiondscconfig) | object | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionMonitoringAgentConfig`](#parameter-extensionmonitoringagentconfig) | object | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionNetworkWatcherAgentConfig`](#parameter-extensionnetworkwatcheragentconfig) | object | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`licenseType`](#parameter-licensetype) | string | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maxPriceForLowPriorityVm`](#parameter-maxpriceforlowpriorityvm) | string | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. | +| [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. 
Must be set when extensionMonitoringAgentConfig is set to true. | +| [`name`](#parameter-name) | string | The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. | +| [`nicdiagnosticMetricsToEnable`](#parameter-nicdiagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`nicDiagnosticSettingsName`](#parameter-nicdiagnosticsettingsname) | string | The name of the NIC diagnostic setting, if deployed. | +| [`patchAssessmentMode`](#parameter-patchassessmentmode) | string | VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours. | +| [`patchMode`](#parameter-patchmode) | string | VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'. | +| [`pipdiagnosticLogCategoriesToEnable`](#parameter-pipdiagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`pipdiagnosticMetricsToEnable`](#parameter-pipdiagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`pipDiagnosticSettingsName`](#parameter-pipdiagnosticsettingsname) | string | The name of the PIP diagnostic setting, if deployed. | +| [`plan`](#parameter-plan) | object | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. | +| [`priority`](#parameter-priority) | string | Specifies the priority for the virtual machine. 
| +| [`provisionVMAgent`](#parameter-provisionvmagent) | bool | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | +| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. | +| [`publicKeys`](#parameter-publickeys) | array | The list of SSH public keys used to authenticate with linux based VMs. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sasTokenValidityLength`](#parameter-sastokenvaliditylength) | string | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | +| [`secureBootEnabled`](#parameter-securebootenabled) | bool | Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | +| [`securityType`](#parameter-securitytype) | string | Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. 
The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True". | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`timeZone`](#parameter-timezone) | string | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. | +| [`ultraSSDEnabled`](#parameter-ultrassdenabled) | bool | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`vTpmEnabled`](#parameter-vtpmenabled) | bool | Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | +| [`winRM`](#parameter-winrm) | object | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. | + +**Generated parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. | + +### Parameter: `additionalUnattendContent` + +Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `adminPassword` + +When specifying a Windows Virtual Machine, this value should be passed. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `adminUsername` + +Administrator username. 
+- Required: Yes +- Type: securestring + +### Parameter: `allowExtensionOperations` + +Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `availabilitySetResourceId` + +Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `availabilityZone` + +If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set. +- Required: No +- Type: int +- Default: `0` +- Allowed: `[0, 1, 2, 3]` + +### Parameter: `backupPolicyName` + +Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault. +- Required: No +- Type: string +- Default: `'DefaultPolicy'` + +### Parameter: `backupVaultName` + +Recovery service vault name to add VMs to backup. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `backupVaultResourceGroup` + +Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default. +- Required: No +- Type: string +- Default: `[resourceGroup().name]` + +### Parameter: `baseTime` + +Do not provide a value! This date value is used to generate a registration token. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `bootDiagnostics` + +Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `bootDiagnosticStorageAccountName` + +Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `bootDiagnosticStorageAccountUri` + +Storage account boot diagnostic base URI. +- Required: No +- Type: string +- Default: `[format('.blob.{0}/', environment().suffixes.storage)]` + +### Parameter: `certificatesToBeInstalled` + +Specifies set of certificates that should be installed onto the virtual machine. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `computerName` + +Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `configurationProfile` + +The configuration profile of automanage. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest, /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction]` + +### Parameter: `customData` + +Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dataDisks` + +Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dedicatedHostId` + +Specifies resource ID about the dedicated host that the virtual machine resides in. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disablePasswordAuthentication` + +Specifies whether password authentication should be disabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableAutomaticUpdates` + +Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableEvictionPolicy` + +Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `encryptionAtHost` + +This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. 
For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `extensionAadJoinConfig` + +The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionAntiMalwareConfig` + +The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionAzureDiskEncryptionConfig` + +The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionCustomScriptConfig` + +The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionCustomScriptProtectedSetting` + +Any object that contains the extension specific protected settings. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `extensionDependencyAgentConfig` + +The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionDomainJoinConfig` + +The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionDomainJoinPassword` + +Required if name is specified. Password of the user specified in user parameter. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `extensionDSCConfig` + +The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionMonitoringAgentConfig` + +The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionNetworkWatcherAgentConfig` + +The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `imageReference` + +OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. +- Required: Yes +- Type: object + +### Parameter: `licenseType` + +Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Windows_Client, Windows_Server]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maxPriceForLowPriorityVm` + +Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `monitoringWorkspaceId` + +Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. +- Required: No +- Type: string +- Default: `[take(toLower(uniqueString(resourceGroup().name)), 10)]` + +### Parameter: `nicConfigurations` + +Configures NICs and PIPs. +- Required: Yes +- Type: array + +### Parameter: `nicdiagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `nicDiagnosticSettingsName` + +The name of the NIC diagnostic setting, if deployed. +- Required: No +- Type: string +- Default: `[format('{0}-diagnosticSettings', parameters('name'))]` + +### Parameter: `osDisk` + +Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. +- Required: Yes +- Type: object + +### Parameter: `osType` + +The chosen OS type. +- Required: Yes +- Type: string +- Allowed: `[Linux, Windows]` + +### Parameter: `patchAssessmentMode` + +VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours. +- Required: No +- Type: string +- Default: `'ImageDefault'` +- Allowed: `[AutomaticByPlatform, ImageDefault]` + +### Parameter: `patchMode` + +VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. 
Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', AutomaticByOS, AutomaticByPlatform, ImageDefault, Manual]` + +### Parameter: `pipdiagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` + +### Parameter: `pipdiagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `pipDiagnosticSettingsName` + +The name of the PIP diagnostic setting, if deployed. +- Required: No +- Type: string +- Default: `[format('{0}-diagnosticSettings', parameters('name'))]` + +### Parameter: `plan` + +Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `priority` + +Specifies the priority for the virtual machine. +- Required: No +- Type: string +- Default: `'Regular'` +- Allowed: `[Low, Regular, Spot]` + +### Parameter: `provisionVMAgent` + +Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `proximityPlacementGroupResourceId` + +Resource ID of a proximity placement group. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `publicKeys` + +The list of SSH public keys used to authenticate with linux based VMs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sasTokenValidityLength` + +SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. +- Required: No +- Type: string +- Default: `'PT8H'` + +### Parameter: `secureBootEnabled` + +Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `securityType` + +Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True". +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `timeZone` + +Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. 
Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `ultraSSDEnabled` + +The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vmSize` + +Specifies the size for the VMs. +- Required: Yes +- Type: string + +### Parameter: `vTpmEnabled` + +Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `winRM` + +Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the VM. | +| `resourceGroupName` | string | The name of the resource group the VM was created in. | +| `resourceId` | string | The resource ID of the VM. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
+ +| Reference | Type | +| :-- | :-- | +| `modules/network/network-interface` | Local reference | +| `modules/network/public-ip-address` | Local reference | +| `modules/recovery-services/vault/backup-fabric/protection-container/protected-item` | Local reference | + ## Notes ### Automanage considerations diff --git a/modules/compute/virtual-machine/extension/README.md b/modules/compute/virtual-machine/extension/README.md index 7823c9766b..761c7b4d27 100644 --- a/modules/compute/virtual-machine/extension/README.md +++ b/modules/compute/virtual-machine/extension/README.md 
@@ -19,37 +19,128 @@ This module deploys a Virtual Machine Extension. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `autoUpgradeMinorVersion` | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | -| `enableAutomaticUpgrade` | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | -| `name` | string | The name of the virtual machine extension. | -| `publisher` | string | The name of the extension handler publisher. | -| `type` | string | Specifies the type of the extension; an example is "CustomScriptExtension". | -| `typeHandlerVersion` | string | Specifies the version of the script handler. | +| [`autoUpgradeMinorVersion`](#parameter-autoupgrademinorversion) | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | +| [`enableAutomaticUpgrade`](#parameter-enableautomaticupgrade) | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | +| [`name`](#parameter-name) | string | The name of the virtual machine extension. | +| [`publisher`](#parameter-publisher) | string | The name of the extension handler publisher. | +| [`type`](#parameter-type) | string | Specifies the type of the extension; an example is "CustomScriptExtension". | +| [`typeHandlerVersion`](#parameter-typehandlerversion) | string | Specifies the version of the script handler. 
| **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `virtualMachineName` | string | The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment. | +| [`virtualMachineName`](#parameter-virtualmachinename) | string | The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `forceUpdateTag` | string | `''` | How the extension handler should be forced to update even if the extension configuration has not changed. | -| `location` | string | `[resourceGroup().location]` | The location the extension is deployed to. | -| `protectedSettings` | secureObject | `{object}` | Any object that contains the extension specific protected settings. | -| `settings` | object | `{object}` | Any object that contains the extension specific settings. | -| `supressFailures` | bool | `False` | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | -| `tags` | object | `{object}` | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`forceUpdateTag`](#parameter-forceupdatetag) | string | How the extension handler should be forced to update even if the extension configuration has not changed. | +| [`location`](#parameter-location) | string | The location the extension is deployed to. 
| +| [`protectedSettings`](#parameter-protectedsettings) | secureObject | Any object that contains the extension specific protected settings. | +| [`settings`](#parameter-settings) | object | Any object that contains the extension specific settings. | +| [`supressFailures`](#parameter-supressfailures) | bool | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `autoUpgradeMinorVersion` + +Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. +- Required: Yes +- Type: bool + +### Parameter: `enableAutomaticUpgrade` + +Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. +- Required: Yes +- Type: bool + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `forceUpdateTag` + +How the extension handler should be forced to update even if the extension configuration has not changed. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +The location the extension is deployed to. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the virtual machine extension. +- Required: Yes +- Type: string + +### Parameter: `protectedSettings` + +Any object that contains the extension specific protected settings. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `publisher` + +The name of the extension handler publisher. 
+- Required: Yes +- Type: string + +### Parameter: `settings` + +Any object that contains the extension specific settings. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `supressFailures` + +Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `type` + +Specifies the type of the extension; an example is "CustomScriptExtension". +- Required: Yes +- Type: string + +### Parameter: `typeHandlerVersion` + +Specifies the version of the script handler. +- Required: Yes +- Type: string + +### Parameter: `virtualMachineName` + +The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the extension. | diff --git a/modules/compute/virtual-machine/extension/main.json b/modules/compute/virtual-machine/extension/main.json index 9dc0e8298a..782a6fa1ff 100644 --- a/modules/compute/virtual-machine/extension/main.json +++ b/modules/compute/virtual-machine/extension/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", diff --git a/modules/compute/virtual-machine/main.json b/modules/compute/virtual-machine/main.json index 6ba690ab4f..202cf5e053 100644 
--- a/modules/compute/virtual-machine/main.json +++ b/modules/compute/virtual-machine/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8956159626460319190" + "version": "0.22.6.54827", + "templateHash": "16514436583417262148" }, "name": "Virtual Machines", "description": "This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.", @@ -844,8 +844,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17678163563393779135" + "version": "0.22.6.54827", + "templateHash": "8548313386789098939" } }, "parameters": { @@ -999,8 +999,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1887898957722092173" + "version": "0.22.6.54827", + "templateHash": "4317747709004918530" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -1333,8 +1333,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7328126239184883887" + "version": "0.22.6.54827", + "templateHash": "9976109177347918049" } }, "parameters": { @@ -1585,8 +1585,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5974456600868040376" + "version": "0.22.6.54827", + "templateHash": "14479255820598719580" }, "name": "Network Interface", "description": "This module deploys a Network Interface.", @@ -1888,8 +1888,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10645923556503351364" + "version": "0.22.6.54827", + "templateHash": "11518733977101662334" } }, "parameters": { 
@@ -2105,8 +2105,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -2320,8 +2320,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -2530,8 +2530,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -2745,8 +2745,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -2950,8 +2950,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -3155,8 +3155,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", 
@@ -3364,8 +3364,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -3581,8 +3581,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -3791,8 +3791,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -4003,8 +4003,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10079924922844886000" + "version": "0.22.6.54827", + "templateHash": "7148492251760573310" }, "name": "Recovery Service Vaults Protection Container Protected Item", "description": "This module deploys a Recovery Services Vault Protection Container Protected Item.", @@ -4172,8 +4172,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11877341194593849245" + "version": "0.22.6.54827", + "templateHash": "16523538632311306099" } }, "parameters": { diff --git a/modules/consumption/budget/.test/common/main.test.bicep b/modules/consumption/budget/.test/common/main.test.bicep index 0b3044a0e3..7668018aae 100644 --- a/modules/consumption/budget/.test/common/main.test.bicep +++ b/modules/consumption/budget/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/consumption/budget/.test/min/main.test.bicep b/modules/consumption/budget/.test/min/main.test.bicep index cd1da3812e..a76b439216 100644 --- a/modules/consumption/budget/.test/min/main.test.bicep +++ b/modules/consumption/budget/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/consumption/budget/README.md b/modules/consumption/budget/README.md index 191cc3a890..bd08b6d387 100644 --- a/modules/consumption/budget/README.md +++ b/modules/consumption/budget/README.md 
@@ -4,75 +4,40 @@ This module deploys a Consumption Budget for Subscriptions. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Consumption/budgets` | [2021-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Consumption/2021-10-01/budgets) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `amount` | int | The total amount of cost or usage to track with the budget. | -| `name` | string | The name of the budget. | - -**Conditional parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `actionGroups` | array | List of action group resource IDs that will receive the alert. Required if neither `contactEmails` nor `contactEmails` was provided. | -| `contactEmails` | array | The list of email addresses to send the budget notification to when the thresholds are exceeded. Required if neither `contactRoles` nor `actionGroups` was provided. | -| `contactRoles` | array | The list of contact roles to send the budget notification to when the thresholds are exceeded. Required if neither `contactEmails` nor `actionGroups` was provided. | +## Usage examples -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `category` | string | `'Cost'` | `[Cost, Usage]` | The category of the budget, whether the budget tracks cost or usage. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `endDate` | string | `''` | | The end date for the budget. If not provided, it will default to 10 years from the start date. 
| -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `resetPeriod` | string | `'Monthly'` | `[Annually, BillingAnnual, BillingMonth, BillingQuarter, Monthly, Quarterly]` | The time covered by a budget. Tracking of the amount will be reset based on the time grain. BillingMonth, BillingQuarter, and BillingAnnual are only supported by WD customers. | -| `startDate` | string | `[format('{0}-{1}-01T00:00:00Z', utcNow('yyyy'), utcNow('MM'))]` | | The start date for the budget. Start date should be the first day of the month and cannot be in the past (except for the current month). | -| `thresholds` | array | `[50, 75, 90, 100, 110]` | | Percent thresholds of budget for when to get a notification. Can be up to 5 thresholds, where each must be between 1 and 1000. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the budget. | -| `resourceId` | string | The resource ID of the budget. | -| `subscriptionName` | string | The subscription the budget was deployed into. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/consumption.budget:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module budget './consumption/budget/main.bicep' = { +module budget 'br:bicep/modules/consumption.budget:1.0.0' = { name: '${uniqueString(deployment().name)}-test-cbcom' params: { // Required parameters @@ -138,14 +103,17 @@ module budget './consumption/budget/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module budget './consumption/budget/main.bicep' = { +module budget 'br:bicep/modules/consumption.budget:1.0.0' = { name: '${uniqueString(deployment().name)}-test-cbmin' params: { // Required parameters @@ -194,3 +162,130 @@ module budget './consumption/budget/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`amount`](#parameter-amount) | int | The total amount of cost or usage to track with the budget. | +| [`name`](#parameter-name) | string | The name of the budget. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actionGroups`](#parameter-actiongroups) | array | List of action group resource IDs that will receive the alert. Required if neither `contactEmails` nor `contactEmails` was provided. | +| [`contactEmails`](#parameter-contactemails) | array | The list of email addresses to send the budget notification to when the thresholds are exceeded. Required if neither `contactRoles` nor `actionGroups` was provided. | +| [`contactRoles`](#parameter-contactroles) | array | The list of contact roles to send the budget notification to when the thresholds are exceeded. Required if neither `contactEmails` nor `actionGroups` was provided. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`category`](#parameter-category) | string | The category of the budget, whether the budget tracks cost or usage. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`endDate`](#parameter-enddate) | string | The end date for the budget. If not provided, it will default to 10 years from the start date. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`resetPeriod`](#parameter-resetperiod) | string | The time covered by a budget. Tracking of the amount will be reset based on the time grain. BillingMonth, BillingQuarter, and BillingAnnual are only supported by WD customers. | +| [`startDate`](#parameter-startdate) | string | The start date for the budget. Start date should be the first day of the month and cannot be in the past (except for the current month). 
| +| [`thresholds`](#parameter-thresholds) | array | Percent thresholds of budget for when to get a notification. Can be up to 5 thresholds, where each must be between 1 and 1000. | + +### Parameter: `actionGroups` + +List of action group resource IDs that will receive the alert. Required if neither `contactEmails` nor `contactEmails` was provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `amount` + +The total amount of cost or usage to track with the budget. +- Required: Yes +- Type: int + +### Parameter: `category` + +The category of the budget, whether the budget tracks cost or usage. +- Required: No +- Type: string +- Default: `'Cost'` +- Allowed: `[Cost, Usage]` + +### Parameter: `contactEmails` + +The list of email addresses to send the budget notification to when the thresholds are exceeded. Required if neither `contactRoles` nor `actionGroups` was provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `contactRoles` + +The list of contact roles to send the budget notification to when the thresholds are exceeded. Required if neither `contactEmails` nor `actionGroups` was provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endDate` + +The end date for the budget. If not provided, it will default to 10 years from the start date. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `name` + +The name of the budget. +- Required: Yes +- Type: string + +### Parameter: `resetPeriod` + +The time covered by a budget. Tracking of the amount will be reset based on the time grain. BillingMonth, BillingQuarter, and BillingAnnual are only supported by WD customers. 
+- Required: No +- Type: string +- Default: `'Monthly'` +- Allowed: `[Annually, BillingAnnual, BillingMonth, BillingQuarter, Monthly, Quarterly]` + +### Parameter: `startDate` + +The start date for the budget. Start date should be the first day of the month and cannot be in the past (except for the current month). +- Required: No +- Type: string +- Default: `[format('{0}-{1}-01T00:00:00Z', utcNow('yyyy'), utcNow('MM'))]` + +### Parameter: `thresholds` + +Percent thresholds of budget for when to get a notification. Can be up to 5 thresholds, where each must be between 1 and 1000. +- Required: No +- Type: array +- Default: `[50, 75, 90, 100, 110]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the budget. | +| `resourceId` | string | The resource ID of the budget. | +| `subscriptionName` | string | The subscription the budget was deployed into. | + +## Cross-referenced modules + +_None_ diff --git a/modules/consumption/budget/main.json b/modules/consumption/budget/main.json index 5b676a256c..a65a1bbfe8 100644 --- a/modules/consumption/budget/main.json +++ b/modules/consumption/budget/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14854724529401221825" + "version": "0.22.6.54827", + "templateHash": "2760526032764483110" }, "name": "Consumption Budgets", "description": "This module deploys a Consumption Budget for Subscriptions.", diff --git a/modules/container-instance/container-group/.test/common/main.test.bicep b/modules/container-instance/container-group/.test/common/main.test.bicep index d514033d8f..76374c71e0 100644 --- a/modules/container-instance/container-group/.test/common/main.test.bicep +++ b/modules/container-instance/container-group/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/container-instance/container-group/.test/min/main.test.bicep b/modules/container-instance/container-group/.test/min/main.test.bicep index 6136c721aa..240ce76d42 100644 --- a/modules/container-instance/container-group/.test/min/main.test.bicep +++ b/modules/container-instance/container-group/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/container-instance/container-group/README.md b/modules/container-instance/container-group/README.md index 9e02a54f3c..66e52bf7e2 100644 --- a/modules/container-instance/container-group/README.md +++ b/modules/container-instance/container-group/README.md 
@@ -4,93 +4,44 @@ This module deploys a Container Instance Container Group. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.ContainerInstance/containerGroups` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ContainerInstance/2022-09-01/containerGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `containers` | array | The containers and their respective config within the container group. | -| `name` | string | Name for the container group. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | -| `ipAddressPorts` | array | `[]` | Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `autoGeneratedDomainNameLabelScope` | string | `'TenantReuse'` | `[Noreuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse, Unsecure]` | Specify level of protection of the domain name label. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. 
| -| `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `dnsNameLabel` | string | `''` | | The Dns name label for the resource. | -| `dnsNameServers` | array | `[]` | | List of dns servers used by the containers for lookups. | -| `dnsSearchDomains` | string | `''` | | DNS search domain which will be appended to each DNS lookup. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `imageRegistryCredentials` | array | `[]` | | The image registry credentials by which the container group is created from. | -| `initContainers` | array | `[]` | | A list of container definitions which will be executed before the application container starts. | -| `ipAddressType` | string | `'Public'` | `[Private, Public]` | Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `osType` | string | `'Linux'` | | The operating system type required by the containers in the container group. - Windows or Linux. | -| `restartPolicy` | string | `'Always'` | `[Always, Never, OnFailure]` | Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never. | -| `sku` | string | `'Standard'` | `[Dedicated, Standard]` | The container group SKU. | -| `subnetId` | string | `''` | | Resource ID of the subnet. Only specify when ipAddressType is Private. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. 
| -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `volumes` | array | `[]` | | Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `iPv4Address` | string | The IPv4 address of the container group. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the container group. | -| `resourceGroupName` | string | The resource group the container group was deployed into. | -| `resourceId` | string | The resource ID of the container group. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/container-instance.container-group:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) +- [Private](#example-4-private) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module containerGroup './container-instance/container-group/main.bicep' = { +module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cicgcom' params: { // Required parameters @@ -272,14 +223,14 @@ module containerGroup './container-instance/container-group/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module containerGroup './container-instance/container-group/main.bicep' = { +module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cicgenc' params: { // Required parameters @@ -473,14 +424,17 @@ module containerGroup './container-instance/container-group/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module containerGroup './container-instance/container-group/main.bicep' = { +module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cicgmin' params: { // Required parameters @@ -574,14 +528,14 @@ module containerGroup './container-instance/container-group/main.bicep' = {

-

Example 4: Private

+### Example 4: _Private_
via Bicep module ```bicep -module containerGroup './container-instance/container-group/main.bicep' = { +module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cicgprivate' params: { // Required parameters @@ -806,6 +760,242 @@ module containerGroup './container-instance/container-group/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`containers`](#parameter-containers) | array | The containers and their respective config within the container group. | +| [`name`](#parameter-name) | string | Name for the container group. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | +| [`ipAddressPorts`](#parameter-ipaddressports) | array | Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoGeneratedDomainNameLabelScope`](#parameter-autogenerateddomainnamelabelscope) | string | Specify level of protection of the domain name label. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`dnsNameLabel`](#parameter-dnsnamelabel) | string | The Dns name label for the resource. | +| [`dnsNameServers`](#parameter-dnsnameservers) | array | List of dns servers used by the containers for lookups. | +| [`dnsSearchDomains`](#parameter-dnssearchdomains) | string | DNS search domain which will be appended to each DNS lookup. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`imageRegistryCredentials`](#parameter-imageregistrycredentials) | array | The image registry credentials by which the container group is created from. | +| [`initContainers`](#parameter-initcontainers) | array | A list of container definitions which will be executed before the application container starts. | +| [`ipAddressType`](#parameter-ipaddresstype) | string | Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`osType`](#parameter-ostype) | string | The operating system type required by the containers in the container group. - Windows or Linux. | +| [`restartPolicy`](#parameter-restartpolicy) | string | Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never. | +| [`sku`](#parameter-sku) | string | The container group SKU. | +| [`subnetId`](#parameter-subnetid) | string | Resource ID of the subnet. Only specify when ipAddressType is Private. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`volumes`](#parameter-volumes) | array | Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup. | + +### Parameter: `autoGeneratedDomainNameLabelScope` + +Specify level of protection of the domain name label. +- Required: No +- Type: string +- Default: `'TenantReuse'` +- Allowed: `[Noreuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse, Unsecure]` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `containers` + +The containers and their respective config within the container group. +- Required: Yes +- Type: array + +### Parameter: `dnsNameLabel` + +The Dns name label for the resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dnsNameServers` + +List of dns servers used by the containers for lookups. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dnsSearchDomains` + +DNS search domain which will be appended to each DNS lookup. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `imageRegistryCredentials` + +The image registry credentials by which the container group is created from. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `initContainers` + +A list of container definitions which will be executed before the application container starts. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ipAddressPorts` + +Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ipAddressType` + +Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. +- Required: No +- Type: string +- Default: `'Public'` +- Allowed: `[Private, Public]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name for the container group. +- Required: Yes +- Type: string + +### Parameter: `osType` + +The operating system type required by the containers in the container group. - Windows or Linux. +- Required: No +- Type: string +- Default: `'Linux'` + +### Parameter: `restartPolicy` + +Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never. +- Required: No +- Type: string +- Default: `'Always'` +- Allowed: `[Always, Never, OnFailure]` + +### Parameter: `sku` + +The container group SKU. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Dedicated, Standard]` + +### Parameter: `subnetId` + +Resource ID of the subnet. Only specify when ipAddressType is Private. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `volumes` + +Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup. 
+- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `iPv4Address` | string | The IPv4 address of the container group. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the container group. | +| `resourceGroupName` | string | The resource group the container group was deployed into. | +| `resourceId` | string | The resource ID of the container group. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `imageRegistryCredentials` diff --git a/modules/container-instance/container-group/main.json b/modules/container-instance/container-group/main.json index cf3d24c34f..de3ed088b2 100644 --- a/modules/container-instance/container-group/main.json +++ b/modules/container-instance/container-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1590771633757024092" + "version": "0.22.6.54827", + "templateHash": "3196122826827836156" }, "name": "Container Instances Container Groups", "description": "This module deploys a Container Instance Container Group.", diff --git a/modules/container-registry/registry/.test/common/main.test.bicep b/modules/container-registry/registry/.test/common/main.test.bicep index 46df910a1b..1cba142a21 100644 --- a/modules/container-registry/registry/.test/common/main.test.bicep +++ b/modules/container-registry/registry/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // 
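Review bot: in the new per-parameter sections of the container-group README, `cMKUserAssignedIdentityResourceId` and `ipAddressPorts` are rendered with `- Required: No`, although both are listed under **Conditional parameters** and their descriptions say "Required if 'cMKKeyName' is not empty" and "Required if `ipAddressType` is set to `public`". A reader who follows the `#parameter-...` link lands on the flat "No" first and can miss the condition. Suggest the generator emit a distinct value for conditional parameters (or repeat the condition on the Required line) rather than reusing the optional-parameter rendering.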
diff --git a/modules/container-registry/registry/.test/min/main.test.bicep b/modules/container-registry/registry/.test/min/main.test.bicep index b861c01634..0db5d24fdd 100644 --- a/modules/container-registry/registry/.test/min/main.test.bicep +++ b/modules/container-registry/registry/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/container-registry/registry/README.md b/modules/container-registry/registry/README.md index 0a5487152b..c1c5ee9a5d 100644 --- a/modules/container-registry/registry/README.md +++ b/modules/container-registry/registry/README.md @@ -4,13 +4,13 @@ This module deploys an Azure Container Registry (ACR). ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
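Review bot: the usage examples in the container-group README above replace the relative path `./container-instance/container-group/main.bicep` with `br:bicep/modules/container-instance.container-group:1.0.0`, and the added note presents that string as the syntax to use, without saying that it is a placeholder. In a `br:` reference the segment before the first `/` names the registry, so `bicep` is not something a consumer can resolve as written, and `:1.0.0` is the same literal in the registry README's examples as well. Suggest the generated note state that the registry and the tag must be replaced with the consumer's own registry and a published version, so the snippets are not copied verbatim into deployments.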
@@ -24,98 +24,30 @@ This module deploys an Azure Container Registry (ACR). | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of your Azure container registry. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Note, CMK requires the 'acrSku' to be 'Premium'. Required if 'cMKKeyName' is not empty. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `acrAdminUserEnabled` | bool | `False` | | Enable admin user that have push / pull permission to the registry. | -| `acrSku` | string | `'Basic'` | `[Basic, Premium, Standard]` | Tier of your Azure container registry. | -| `anonymousPullEnabled` | bool | `False` | | Enables registry-wide pull from unauthenticated clients. It's in preview and available in the Standard and Premium service tiers. | -| `azureADAuthenticationAsArmPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled. | -| `cacheRules` | _[cacheRules](cache-rules/README.md)_ array | `[]` | | Array of Cache Rules. Note: This is a preview feature ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache#cache-for-acr-preview)). 
| -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'. | -| `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `dataEndpointEnabled` | bool | `False` | | Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. Note, requires the 'acrSku' to be 'Premium'. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ContainerRegistryLoginEvents, ContainerRegistryRepositoryEvents]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `exportPolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the export policy is enabled or not. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `networkRuleBypassOptions` | string | `'AzureServices'` | `[AzureServices, None]` | Whether to allow trusted Azure services to access a network restricted registry. | -| `networkRuleSetDefaultAction` | string | `'Deny'` | `[Allow, Deny]` | The default action of allow or deny when no other rules match. | -| `networkRuleSetIpRules` | array | `[]` | | The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'acrSku' to be 'Premium'. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set. Note, requires the 'acrSku' to be 'Premium'. | -| `quarantinePolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the quarantine policy is enabled or not. | -| `replications` | array | `[]` | | All replications to create. | -| `retentionPolicyDays` | int | `15` | | The number of days to retain an untagged manifest after which it gets purged. | -| `retentionPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the retention policy is enabled or not. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `softDeletePolicyDays` | int | `7` | | The number of days after which a soft-deleted item is permanently deleted. | -| `softDeletePolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | Soft Delete policy status. Default is disabled. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `trustPolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the trust policy is enabled or not. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `webhooks` | array | `[]` | | All webhooks to create. | -| `zoneRedundancy` | string | `'Disabled'` | `[Disabled, Enabled]` | Whether or not zone redundancy is enabled for this container registry. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `loginServer` | string | The reference to the Azure container registry. | -| `name` | string | The Name of the Azure container registry. | -| `resourceGroupName` | string | The name of the Azure container registry. | -| `resourceId` | string | The resource ID of the Azure container registry. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | +## Usage examples -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. 
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/container-registry.registry:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) +- [Pe](#example-4-pe) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module registry './container-registry/registry/main.bicep' = { +module registry 'br:bicep/modules/container-registry.registry:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crrcom' params: { // Required parameters @@ -347,14 +279,14 @@ module registry './container-registry/registry/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module registry './container-registry/registry/main.bicep' = { +module registry 'br:bicep/modules/container-registry.registry:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crrencr' params: { // Required parameters @@ -432,14 +364,17 @@ module registry './container-registry/registry/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module registry './container-registry/registry/main.bicep' = { +module registry 'br:bicep/modules/container-registry.registry:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crrmin' params: { // Required parameters @@ -477,14 +412,14 @@ module registry './container-registry/registry/main.bicep' = {

-

Example 4: Pe

+### Example 4: _Pe_
via Bicep module ```bicep -module registry './container-registry/registry/main.bicep' = { +module registry 'br:bicep/modules/container-registry.registry:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crrpe' params: { // Required parameters @@ -571,3 +506,374 @@ module registry './container-registry/registry/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of your Azure container registry. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Note, CMK requires the 'acrSku' to be 'Premium'. Required if 'cMKKeyName' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`acrAdminUserEnabled`](#parameter-acradminuserenabled) | bool | Enable admin user that have push / pull permission to the registry. | +| [`acrSku`](#parameter-acrsku) | string | Tier of your Azure container registry. | +| [`anonymousPullEnabled`](#parameter-anonymouspullenabled) | bool | Enables registry-wide pull from unauthenticated clients. It's in preview and available in the Standard and Premium service tiers. | +| [`azureADAuthenticationAsArmPolicyStatus`](#parameter-azureadauthenticationasarmpolicystatus) | string | The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled. | +| [`cacheRules`](#parameter-cacherules) | array | Array of Cache Rules. Note: This is a preview feature ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache#cache-for-acr-preview)). | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'. | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'. 
| +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`dataEndpointEnabled`](#parameter-dataendpointenabled) | bool | Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. Note, requires the 'acrSku' to be 'Premium'. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exportPolicyStatus`](#parameter-exportpolicystatus) | string | The value that indicates whether the export policy is enabled or not. 
| +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`networkRuleBypassOptions`](#parameter-networkrulebypassoptions) | string | Whether to allow trusted Azure services to access a network restricted registry. | +| [`networkRuleSetDefaultAction`](#parameter-networkrulesetdefaultaction) | string | The default action of allow or deny when no other rules match. | +| [`networkRuleSetIpRules`](#parameter-networkrulesetiprules) | array | The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'acrSku' to be 'Premium'. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set. Note, requires the 'acrSku' to be 'Premium'. | +| [`quarantinePolicyStatus`](#parameter-quarantinepolicystatus) | string | The value that indicates whether the quarantine policy is enabled or not. | +| [`replications`](#parameter-replications) | array | All replications to create. | +| [`retentionPolicyDays`](#parameter-retentionpolicydays) | int | The number of days to retain an untagged manifest after which it gets purged. | +| [`retentionPolicyStatus`](#parameter-retentionpolicystatus) | string | The value that indicates whether the retention policy is enabled or not. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`softDeletePolicyDays`](#parameter-softdeletepolicydays) | int | The number of days after which a soft-deleted item is permanently deleted. | +| [`softDeletePolicyStatus`](#parameter-softdeletepolicystatus) | string | Soft Delete policy status. Default is disabled. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`trustPolicyStatus`](#parameter-trustpolicystatus) | string | The value that indicates whether the trust policy is enabled or not. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`webhooks`](#parameter-webhooks) | array | All webhooks to create. | +| [`zoneRedundancy`](#parameter-zoneredundancy) | string | Whether or not zone redundancy is enabled for this container registry. | + +### Parameter: `acrAdminUserEnabled` + +Enable admin user that have push / pull permission to the registry. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `acrSku` + +Tier of your Azure container registry. +- Required: No +- Type: string +- Default: `'Basic'` +- Allowed: `[Basic, Premium, Standard]` + +### Parameter: `anonymousPullEnabled` + +Enables registry-wide pull from unauthenticated clients. It's in preview and available in the Standard and Premium service tiers. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `azureADAuthenticationAsArmPolicyStatus` + +The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled. 
+- Required: No +- Type: string +- Default: `'enabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `cacheRules` + +Array of Cache Rules. Note: This is a preview feature ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache#cache-for-acr-preview)). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. Note, CMK requires the 'acrSku' to be 'Premium'. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dataEndpointEnabled` + +Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. Note, requires the 'acrSku' to be 'Premium'. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ContainerRegistryLoginEvents, ContainerRegistryRepositoryEvents]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exportPolicyStatus` + +The value that indicates whether the export policy is enabled or not. +- Required: No +- Type: string +- Default: `'disabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of your Azure container registry. +- Required: Yes +- Type: string + +### Parameter: `networkRuleBypassOptions` + +Whether to allow trusted Azure services to access a network restricted registry. 
+- Required: No +- Type: string +- Default: `'AzureServices'` +- Allowed: `[AzureServices, None]` + +### Parameter: `networkRuleSetDefaultAction` + +The default action of allow or deny when no other rules match. +- Required: No +- Type: string +- Default: `'Deny'` +- Allowed: `[Allow, Deny]` + +### Parameter: `networkRuleSetIpRules` + +The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'acrSku' to be 'Premium'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set. Note, requires the 'acrSku' to be 'Premium'. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `quarantinePolicyStatus` + +The value that indicates whether the quarantine policy is enabled or not. +- Required: No +- Type: string +- Default: `'disabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `replications` + +All replications to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `retentionPolicyDays` + +The number of days to retain an untagged manifest after which it gets purged. +- Required: No +- Type: int +- Default: `15` + +### Parameter: `retentionPolicyStatus` + +The value that indicates whether the retention policy is enabled or not. +- Required: No +- Type: string +- Default: `'enabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `softDeletePolicyDays` + +The number of days after which a soft-deleted item is permanently deleted. +- Required: No +- Type: int +- Default: `7` + +### Parameter: `softDeletePolicyStatus` + +Soft Delete policy status. Default is disabled. +- Required: No +- Type: string +- Default: `'disabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `trustPolicyStatus` + +The value that indicates whether the trust policy is enabled or not. +- Required: No +- Type: string +- Default: `'disabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `webhooks` + +All webhooks to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `zoneRedundancy` + +Whether or not zone redundancy is enabled for this container registry. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `loginServer` | string | The reference to the Azure container registry. | +| `name` | string | The Name of the Azure container registry. | +| `resourceGroupName` | string | The name of the Azure container registry. | +| `resourceId` | string | The resource ID of the Azure container registry. 
| +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/container-registry/registry/cache-rules/README.md b/modules/container-registry/registry/cache-rules/README.md index 80f65eb47b..75303e848b 100644 --- a/modules/container-registry/registry/cache-rules/README.md +++ b/modules/container-registry/registry/cache-rules/README.md 
@@ -19,24 +19,64 @@ Cache for Azure Container Registry (Preview) feature allows users to cache conta **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `registryName` | string | The name of the parent registry. Required if the template is used in a standalone deployment. | -| `sourceRepository` | string | Source repository pulled from upstream. | +| [`registryName`](#parameter-registryname) | string | The name of the parent registry. Required if the template is used in a standalone deployment. | +| [`sourceRepository`](#parameter-sourcerepository) | string | Source repository pulled from upstream. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `credentialSetResourceId` | string | `''` | The resource ID of the credential store which is associated with the cache rule. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]` | The name of the cache rule. Will be dereived from the source repository name if not defined. | -| `targetRepository` | string | `[parameters('sourceRepository')]` | Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`credentialSetResourceId`](#parameter-credentialsetresourceid) | string | The resource ID of the credential store which is associated with the cache rule. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the cache rule. Will be dereived from the source repository name if not defined. 
| +| [`targetRepository`](#parameter-targetrepository) | string | Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. | + +### Parameter: `credentialSetResourceId` + +The resource ID of the credential store which is associated with the cache rule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the cache rule. Will be dereived from the source repository name if not defined. +- Required: No +- Type: string +- Default: `[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]` + +### Parameter: `registryName` + +The name of the parent registry. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `sourceRepository` + +Source repository pulled from upstream. +- Required: Yes +- Type: string + +### Parameter: `targetRepository` + +Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. +- Required: No +- Type: string +- Default: `[parameters('sourceRepository')]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The Name of the Cache Rule. | | `resourceGroupName` | string | The name of the Cache Rule. | diff --git a/modules/container-registry/registry/cache-rules/main.json b/modules/container-registry/registry/cache-rules/main.json index 83a945758f..05e6d97ffd 100644 --- a/modules/container-registry/registry/cache-rules/main.json +++ b/modules/container-registry/registry/cache-rules/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8306764349327428733" + "version": "0.22.6.54827", + "templateHash": "6694265508496204217" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).", diff --git a/modules/container-registry/registry/main.json b/modules/container-registry/registry/main.json index 6ffdf39a75..eb1edb3019 100644 --- a/modules/container-registry/registry/main.json +++ b/modules/container-registry/registry/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14469522788734895645" + "version": "0.22.6.54827", + "templateHash": "810724730181048401" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", @@ -505,8 +505,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9951681110843116683" + "version": "0.22.6.54827", + "templateHash": "3105247041693395359" }, "name": "Azure Container Registry (ACR) Replications", "description": "This module deploys an Azure Container Registry (ACR) Replication.", 
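Review bot: In `modules/container-registry/registry/README.md`, the Outputs table describes `resourceGroupName` as "The name of the Azure container registry.", which is the description of `name` and says nothing about a resource group. The new per-parameter sections also carry description typos over verbatim: "container registr" under `azureADAuthenticationAsArmPolicyStatus`, "Enable admin user that have push / pull permission" under `acrAdminUserEnabled`, and, in `cache-rules/README.md`, "dereived" under `name`. Because these files are generated, the fix belongs in the descriptions in the module templates, followed by a regeneration, not in the ReadMe text itself.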
@@ -661,8 +661,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14358887700222348175" + "version": "0.22.6.54827", + "templateHash": "6694265508496204217" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).", @@ -804,8 +804,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10631233428813928982" + "version": "0.22.6.54827", + "templateHash": "6585565654056170037" }, "name": "Azure Container Registry (ACR) Webhooks", "description": "This module deploys an Azure Container Registry (ACR) Webhook.", @@ -1014,8 +1014,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10926055476825540288" + "version": "0.22.6.54827", + "templateHash": "16788652740395923269" } }, "parameters": { @@ -1180,8 +1180,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1380,8 +1380,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", 
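Review bot: The removed lines for the cache rule template show that the committed build artifacts were out of step with each other: the standalone `cache-rules/main.json` was at bicep `0.20.4.51522` with `templateHash` `8306764349327428733`, while the copy nested in `registry/main.json` (hunk at -661) was at `0.21.1.54444` with `14358887700222348175`. After this change both carry `6694265508496204217`. Consider a pipeline check that recompiles each template and fails when the committed `main.json` differs from the result, so the JSON that gets deployed is always the one built from the reviewed Bicep source.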
@@ -1518,8 +1518,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/container-registry/registry/replication/README.md b/modules/container-registry/registry/replication/README.md index 1c164a9f05..186c4b5e69 100644 --- a/modules/container-registry/registry/replication/README.md +++ b/modules/container-registry/registry/replication/README.md 
@@ -19,30 +19,78 @@ This module deploys an Azure Container Registry (ACR) Replication. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the replication. | +| [`name`](#parameter-name) | string | The name of the replication. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `registryName` | string | The name of the parent registry. Required if the template is used in a standalone deployment. | +| [`registryName`](#parameter-registryname) | string | The name of the parent registry. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `regionEndpointEnabled` | bool | `True` | | Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `zoneRedundancy` | string | `'Disabled'` | `[Disabled, Enabled]` | Whether or not zone redundancy is enabled for this container registry. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`regionEndpointEnabled`](#parameter-regionendpointenabled) | bool | Specifies whether the replication regional endpoint is enabled. 
Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`zoneRedundancy`](#parameter-zoneredundancy) | string | Whether or not zone redundancy is enabled for this container registry. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the replication. +- Required: Yes +- Type: string + +### Parameter: `regionEndpointEnabled` + +Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `registryName` + +The name of the parent registry. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundancy` + +Whether or not zone redundancy is enabled for this container registry. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the replication. | diff --git a/modules/container-registry/registry/replication/main.json b/modules/container-registry/registry/replication/main.json index f520fb4066..4e38206ba4 100644 --- a/modules/container-registry/registry/replication/main.json 
+++ b/modules/container-registry/registry/replication/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "842274698238951310" + "version": "0.22.6.54827", + "templateHash": "3105247041693395359" }, "name": "Azure Container Registry (ACR) Replications", "description": "This module deploys an Azure Container Registry (ACR) Replication.", diff --git a/modules/container-registry/registry/webhook/README.md b/modules/container-registry/registry/webhook/README.md index 34a74af6cc..a44a03ca55 100644 --- a/modules/container-registry/registry/webhook/README.md +++ b/modules/container-registry/registry/webhook/README.md 
@@ -19,33 +19,102 @@ This module deploys an Azure Container Registry (ACR) Webhook. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `serviceUri` | string | The service URI for the webhook to post notifications. | +| [`serviceUri`](#parameter-serviceuri) | string | The service URI for the webhook to post notifications. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `registryName` | string | The name of the parent registry. Required if the template is used in a standalone deployment. | +| [`registryName`](#parameter-registryname) | string | The name of the parent registry. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `action` | array | `[chart_delete, chart_push, delete, push, quarantine]` | | The list of actions that trigger the webhook to post notifications. | -| `customHeaders` | object | `{object}` | | Custom headers that will be added to the webhook notifications. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `name` | string | `[format('{0}webhook', parameters('registryName'))]` | | The name of the registry webhook. | -| `scope` | string | `''` | | The scope of repositories where the event can be triggered. For example, 'foo:*' means events for all tags under repository 'foo'. 'foo:bar' means events for 'foo:bar' only. 'foo' is equivalent to 'foo:latest'. Empty means all events. | -| `status` | string | `'enabled'` | `[disabled, enabled]` | The status of the webhook at the time the operation was called. | -| `tags` | object | `{object}` | | Tags of the resource. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`action`](#parameter-action) | array | The list of actions that trigger the webhook to post notifications. | +| [`customHeaders`](#parameter-customheaders) | object | Custom headers that will be added to the webhook notifications. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`name`](#parameter-name) | string | The name of the registry webhook. | +| [`scope`](#parameter-scope) | string | The scope of repositories where the event can be triggered. For example, 'foo:*' means events for all tags under repository 'foo'. 'foo:bar' means events for 'foo:bar' only. 'foo' is equivalent to 'foo:latest'. Empty means all events. | +| [`status`](#parameter-status) | string | The status of the webhook at the time the operation was called. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `action` + +The list of actions that trigger the webhook to post notifications. +- Required: No +- Type: array +- Default: `[chart_delete, chart_push, delete, push, quarantine]` + +### Parameter: `customHeaders` + +Custom headers that will be added to the webhook notifications. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the registry webhook. +- Required: No +- Type: string +- Default: `[format('{0}webhook', parameters('registryName'))]` + +### Parameter: `registryName` + +The name of the parent registry. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `scope` + +The scope of repositories where the event can be triggered. For example, 'foo:*' means events for all tags under repository 'foo'. 'foo:bar' means events for 'foo:bar' only. 'foo' is equivalent to 'foo:latest'. Empty means all events. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serviceUri` + +The service URI for the webhook to post notifications. +- Required: Yes +- Type: string + +### Parameter: `status` + +The status of the webhook at the time the operation was called. +- Required: No +- Type: string +- Default: `'enabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `actions` | array | The actions of the webhook. | | `location` | string | The location the resource was deployed into. | diff --git a/modules/container-registry/registry/webhook/main.json b/modules/container-registry/registry/webhook/main.json index 025bf2a393..13ceaa13ed 100644 --- a/modules/container-registry/registry/webhook/main.json +++ b/modules/container-registry/registry/webhook/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1820627526704627956" + "version": "0.22.6.54827", + "templateHash": "6585565654056170037" }, "name": "Azure Container Registry (ACR) Webhooks", "description": "This module deploys an Azure Container Registry (ACR) Webhook.", diff --git a/modules/container-service/managed-cluster/.test/min/main.test.bicep b/modules/container-service/managed-cluster/.test/min/main.test.bicep index b63007e8a7..477264b2e2 100644 --- a/modules/container-service/managed-cluster/.test/min/main.test.bicep +++ b/modules/container-service/managed-cluster/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/container-service/managed-cluster/README.md b/modules/container-service/managed-cluster/README.md index fb3247fc75..6f6331ad58 100644 --- a/modules/container-service/managed-cluster/README.md +++ b/modules/container-service/managed-cluster/README.md @@ -4,14 +4,14 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
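Review bot: In the Navigation hunk of `modules/container-service/managed-cluster/README.md`, the `[Deployment examples](#Deployment-examples)` entry is dropped in favour of `[Usage examples](#Usage-examples)`, so any existing link to `#Deployment-examples` from the wiki or from other ReadMes will no longer land on a heading. The same hunk renames `Resource types` to `Resource Types`, which departs from the sentence case of the other entries (`Usage examples`, `Cross-referenced modules`). Suggest keeping `Resource types` in the generator output and searching the repository for links to the old `Deployment-examples` anchor before merging.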
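Review bot: In `replication/README.md` and `webhook/README.md`, `registryName` is listed under **Conditional parameters**, but its new detail section reads `Required: Yes` with no marker for the condition, and in `cache-rules/README.md` the same parameter with the same description sits under **Required parameters**. A reader who follows the table link straight to the detail section cannot tell that the value is only needed in a standalone deployment unless they read the description closely. Suggest having the generator state the condition in the detail section and categorising `registryName` the same way in all three child modules.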
@@ -23,164 +23,27 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster. | `Microsoft.KubernetesConfiguration/extensions` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/extensions) | | `Microsoft.KubernetesConfiguration/fluxConfigurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/fluxConfigurations) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the AKS cluster. | -| `primaryAgentPoolProfile` | array | Properties of the primary agent pool. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `aksServicePrincipalProfile` | object | `{object}` | Information about a service principal identity for the cluster to use for manipulating Azure APIs. Required if no managed identities are assigned to the cluster. | -| `appGatewayResourceId` | string | `''` | Specifies the resource ID of connected application gateway. Required if `ingressApplicationGatewayEnabled` is set to `true`. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `aadProfileAdminGroupObjectIDs` | array | `[]` | | Specifies the AAD group object IDs that will have admin role of the cluster. | -| `aadProfileClientAppID` | string | `''` | | The client AAD application ID. | -| `aadProfileEnableAzureRBAC` | bool | `[parameters('enableRBAC')]` | | Specifies whether to enable Azure RBAC for Kubernetes authorization. | -| `aadProfileManaged` | bool | `True` | | Specifies whether to enable managed AAD integration. | -| `aadProfileServerAppID` | string | `''` | | The server AAD application ID. | -| `aadProfileServerAppSecret` | string | `''` | | The server AAD application secret. 
| -| `aadProfileTenantId` | string | `[subscription().tenantId]` | | Specifies the tenant ID of the Azure Active Directory used by the AKS cluster for authentication. | -| `aciConnectorLinuxEnabled` | bool | `False` | | Specifies whether the aciConnectorLinux add-on is enabled or not. | -| `adminUsername` | string | `'azureuser'` | | Specifies the administrator username of Linux virtual machines. | -| `agentPools` | array | `[]` | | Define one or more secondary/additional agent pools. | -| `authorizedIPRanges` | array | `[]` | | IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. | -| `autoScalerProfileBalanceSimilarNodeGroups` | string | `'false'` | `[false, true]` | Specifies the balance of similar node groups for the auto-scaler of the AKS cluster. | -| `autoScalerProfileExpander` | string | `'random'` | `[least-waste, most-pods, priority, random]` | Specifies the expand strategy for the auto-scaler of the AKS cluster. | -| `autoScalerProfileMaxEmptyBulkDelete` | string | `'10'` | | Specifies the maximum empty bulk delete for the auto-scaler of the AKS cluster. | -| `autoScalerProfileMaxGracefulTerminationSec` | string | `'600'` | | Specifies the max graceful termination time interval in seconds for the auto-scaler of the AKS cluster. | -| `autoScalerProfileMaxNodeProvisionTime` | string | `'15m'` | | Specifies the maximum node provisioning time for the auto-scaler of the AKS cluster. Values must be an integer followed by an "m". No unit of time other than minutes (m) is supported. | -| `autoScalerProfileMaxTotalUnreadyPercentage` | string | `'45'` | | Specifies the mximum total unready percentage for the auto-scaler of the AKS cluster. The maximum is 100 and the minimum is 0. 
| -| `autoScalerProfileNewPodScaleUpDelay` | string | `'0s'` | | For scenarios like burst/batch scale where you do not want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they are a certain age. Values must be an integer followed by a unit ("s" for seconds, "m" for minutes, "h" for hours, etc). | -| `autoScalerProfileOkTotalUnreadyCount` | string | `'3'` | | Specifies the OK total unready count for the auto-scaler of the AKS cluster. | -| `autoScalerProfileScaleDownDelayAfterAdd` | string | `'10m'` | | Specifies the scale down delay after add of the auto-scaler of the AKS cluster. | -| `autoScalerProfileScaleDownDelayAfterDelete` | string | `'20s'` | | Specifies the scale down delay after delete of the auto-scaler of the AKS cluster. | -| `autoScalerProfileScaleDownDelayAfterFailure` | string | `'3m'` | | Specifies scale down delay after failure of the auto-scaler of the AKS cluster. | -| `autoScalerProfileScaleDownUnneededTime` | string | `'10m'` | | Specifies the scale down unneeded time of the auto-scaler of the AKS cluster. | -| `autoScalerProfileScaleDownUnreadyTime` | string | `'20m'` | | Specifies the scale down unready time of the auto-scaler of the AKS cluster. | -| `autoScalerProfileScanInterval` | string | `'10s'` | | Specifies the scan interval of the auto-scaler of the AKS cluster. | -| `autoScalerProfileSkipNodesWithLocalStorage` | string | `'true'` | `[false, true]` | Specifies if nodes with local storage should be skipped for the auto-scaler of the AKS cluster. | -| `autoScalerProfileSkipNodesWithSystemPods` | string | `'true'` | `[false, true]` | Specifies if nodes with system pods should be skipped for the auto-scaler of the AKS cluster. | -| `autoScalerProfileUtilizationThreshold` | string | `'0.5'` | | Specifies the utilization threshold of the auto-scaler of the AKS cluster. 
| -| `autoUpgradeProfileUpgradeChannel` | string | `''` | `['', node-image, none, patch, rapid, stable]` | Auto-upgrade channel on the AKS cluster. | -| `azurePolicyEnabled` | bool | `True` | | Specifies whether the azurepolicy add-on is enabled or not. For security reasons, this setting should be enabled. | -| `azurePolicyVersion` | string | `'v2'` | | Specifies the azure policy version to use. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, cluster-autoscaler, guard, kube-apiserver, kube-audit, kube-audit-admin, kube-controller-manager, kube-scheduler]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableLocalAccounts` | bool | `False` | | If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. | -| `disableRunCommand` | bool | `False` | | Whether to disable run command for the cluster or not. 
| -| `diskEncryptionSetID` | string | `''` | | The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided. | -| `dnsPrefix` | string | `[parameters('name')]` | | Specifies the DNS prefix specified when creating the managed cluster. | -| `dnsServiceIP` | string | `''` | | Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | -| `dnsZoneResourceId` | string | `''` | | Specifies the resource ID of connected DNS zone. It will be ignored if `webApplicationRoutingEnabled` is set to `false`. | -| `enableAzureDefender` | bool | `False` | | Whether to enable Azure Defender. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableDnsZoneContributorRoleAssignment` | bool | `True` | | Specifies whether assing the DNS zone contributor role to the cluster service principal. It will be ignored if `webApplicationRoutingEnabled` is set to `false` or `dnsZoneResourceId` not provided. | -| `enableKeyvaultSecretsProvider` | bool | `False` | | Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. | -| `enableOidcIssuerProfile` | bool | `False` | | Whether the The OIDC issuer profile of the Managed Cluster is enabled. | -| `enablePodSecurityPolicy` | bool | `False` | | Whether to enable Kubernetes pod security policy. Requires enabling the pod security policy feature flag on the subscription. | -| `enablePrivateCluster` | bool | `False` | | Specifies whether to create the cluster as a private cluster or not. | -| `enablePrivateClusterPublicFQDN` | bool | `False` | | Whether to create additional public FQDN for private cluster or not. | -| `enableRBAC` | bool | `True` | | Whether to enable Kubernetes Role-Based Access Control. 
| -| `enableSecretRotation` | string | `'false'` | `[false, true]` | Specifies whether the KeyvaultSecretsProvider add-on uses secret rotation. | -| `enableStorageProfileBlobCSIDriver` | bool | `False` | | Whether the AzureBlob CSI Driver for the storage profile is enabled. | -| `enableStorageProfileDiskCSIDriver` | bool | `False` | | Whether the AzureDisk CSI Driver for the storage profile is enabled. | -| `enableStorageProfileFileCSIDriver` | bool | `False` | | Whether the AzureFile CSI Driver for the storage profile is enabled. | -| `enableStorageProfileSnapshotController` | bool | `False` | | Whether the snapshot controller for the storage profile is enabled. | -| `enableWorkloadIdentity` | bool | `False` | | Whether to enable Workload Identity. Requires OIDC issuer profile to be enabled. | -| `fluxConfigurationProtectedSettings` | secureObject | `{object}` | | Configuration settings that are sensitive, as name-value pairs for configuring this extension. | -| `fluxExtension` | object | `{object}` | | Settings and configurations for the flux extension. | -| `httpApplicationRoutingEnabled` | bool | `False` | | Specifies whether the httpApplicationRouting add-on is enabled or not. | -| `httpProxyConfig` | object | `{object}` | | Configurations for provisioning the cluster with HTTP proxy servers. | -| `identityProfile` | object | `{object}` | | Identities associated with the cluster. | -| `ingressApplicationGatewayEnabled` | bool | `False` | | Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not. | -| `kubeDashboardEnabled` | bool | `False` | | Specifies whether the kubeDashboard add-on is enabled or not. | -| `kubernetesVersion` | string | `''` | | Version of Kubernetes specified when creating the managed cluster. | -| `loadBalancerSku` | string | `'standard'` | `[basic, standard]` | Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. 
| -| `location` | string | `[resourceGroup().location]` | | Specifies the location of AKS cluster. It picks up Resource Group's location by default. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managedOutboundIPCount` | int | `0` | | Outbound IP Count for the Load balancer. | -| `monitoringWorkspaceId` | string | `''` | | Resource ID of the monitoring log analytics workspace. | -| `networkDataplane` | string | `''` | `['', azure, cilium]` | Network dataplane used in the Kubernetes cluster. Not compatible with kubenet network plugin. | -| `networkPlugin` | string | `''` | `['', azure, kubenet]` | Specifies the network plugin used for building Kubernetes network. | -| `networkPluginMode` | string | `''` | `['', overlay]` | Network plugin mode used for building the Kubernetes network. Not compatible with kubenet network plugin. | -| `networkPolicy` | string | `''` | `['', azure, calico]` | Specifies the network policy used for building Kubernetes network. - calico or azure. | -| `nodeResourceGroup` | string | `[format('{0}_aks_{1}_nodes', resourceGroup().name, parameters('name'))]` | | Name of the resource group containing agent pool nodes. | -| `omsAgentEnabled` | bool | `True` | | Specifies whether the OMS agent is enabled. | -| `openServiceMeshEnabled` | bool | `False` | | Specifies whether the openServiceMesh add-on is enabled or not. | -| `outboundType` | string | `'loadBalancer'` | `[loadBalancer, userDefinedRouting]` | Specifies outbound (egress) routing method. - loadBalancer or userDefinedRouting. | -| `podCidr` | string | `''` | | Specifies the CIDR notation IP range from which to assign pod IPs when kubenet is used. | -| `podIdentityProfileAllowNetworkPluginKubenet` | bool | `False` | | Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. | -| `podIdentityProfileEnable` | bool | `False` | | Whether the pod identity addon is enabled. 
| -| `podIdentityProfileUserAssignedIdentities` | array | `[]` | | The pod identities to use in the cluster. | -| `podIdentityProfileUserAssignedIdentityExceptions` | array | `[]` | | The pod identity exceptions to allow. | -| `privateDNSZone` | string | `''` | | Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serviceCidr` | string | `''` | | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | -| `skuTier` | string | `'Free'` | `[Free, Premium, Standard]` | Tier of a managed cluster SKU. - Free or Standard. | -| `sshPublicKey` | string | `''` | | Specifies the SSH RSA public key string for the Linux nodes. | -| `supportPlan` | string | `'KubernetesOfficial'` | `[AKSLongTermSupport, KubernetesOfficial]` | The support plan for the Managed Cluster. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `webApplicationRoutingEnabled` | bool | `False` | | Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. 
| - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `addonProfiles` | object | The addonProfiles of the Kubernetes cluster. | -| `controlPlaneFQDN` | string | The control plane FQDN of the managed cluster. | -| `keyvaultIdentityClientId` | string | The Client ID of the Key Vault Secrets Provider identity. | -| `keyvaultIdentityObjectId` | string | The Object ID of the Key Vault Secrets Provider identity. | -| `kubeletidentityObjectId` | string | The Object ID of the AKS identity. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the managed cluster. | -| `oidcIssuerUrl` | string | The OIDC token issuer URL. | -| `omsagentIdentityObjectId` | string | The Object ID of the OMS agent identity. | -| `resourceGroupName` | string | The resource group the managed cluster was deployed into. | -| `resourceId` | string | The resource ID of the managed cluster. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | +## Usage examples -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `kubernetes-configuration/extension` | Local reference | -| `kubernetes-configuration/flux-configuration` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/container-service.managed-cluster:1.0.0`. 
-## Deployment examples +- [Azure](#example-1-azure) +- [Kubenet](#example-2-kubenet) +- [Using only defaults](#example-3-using-only-defaults) +- [Priv](#example-4-priv) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Azure

+### Example 1: _Azure_
via Bicep module ```bicep -module managedCluster './container-service/managed-cluster/main.bicep' = { +module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-csmaz' params: { // Required parameters @@ -624,14 +487,14 @@ module managedCluster './container-service/managed-cluster/main.bicep' = {

-

Example 2: Kubenet

+### Example 2: _Kubenet_
via Bicep module ```bicep -module managedCluster './container-service/managed-cluster/main.bicep' = { +module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-csmkube' params: { // Required parameters @@ -873,14 +736,17 @@ module managedCluster './container-service/managed-cluster/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module managedCluster './container-service/managed-cluster/main.bicep' = { +module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-csmmin' params: { // Required parameters @@ -940,14 +806,14 @@ module managedCluster './container-service/managed-cluster/main.bicep' = {

-

Example 4: Priv

+### Example 4: _Priv_
via Bicep module ```bicep -module managedCluster './container-service/managed-cluster/main.bicep' = { +module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-csmpriv' params: { // Required parameters @@ -1194,6 +1060,857 @@ module managedCluster './container-service/managed-cluster/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the AKS cluster. | +| [`primaryAgentPoolProfile`](#parameter-primaryagentpoolprofile) | array | Properties of the primary agent pool. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`aksServicePrincipalProfile`](#parameter-aksserviceprincipalprofile) | object | Information about a service principal identity for the cluster to use for manipulating Azure APIs. Required if no managed identities are assigned to the cluster. | +| [`appGatewayResourceId`](#parameter-appgatewayresourceid) | string | Specifies the resource ID of connected application gateway. Required if `ingressApplicationGatewayEnabled` is set to `true`. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`aadProfileAdminGroupObjectIDs`](#parameter-aadprofileadmingroupobjectids) | array | Specifies the AAD group object IDs that will have admin role of the cluster. | +| [`aadProfileClientAppID`](#parameter-aadprofileclientappid) | string | The client AAD application ID. | +| [`aadProfileEnableAzureRBAC`](#parameter-aadprofileenableazurerbac) | bool | Specifies whether to enable Azure RBAC for Kubernetes authorization. | +| [`aadProfileManaged`](#parameter-aadprofilemanaged) | bool | Specifies whether to enable managed AAD integration. | +| [`aadProfileServerAppID`](#parameter-aadprofileserverappid) | string | The server AAD application ID. | +| [`aadProfileServerAppSecret`](#parameter-aadprofileserverappsecret) | string | The server AAD application secret. | +| [`aadProfileTenantId`](#parameter-aadprofiletenantid) | string | Specifies the tenant ID of the Azure Active Directory used by the AKS cluster for authentication. 
| +| [`aciConnectorLinuxEnabled`](#parameter-aciconnectorlinuxenabled) | bool | Specifies whether the aciConnectorLinux add-on is enabled or not. | +| [`adminUsername`](#parameter-adminusername) | string | Specifies the administrator username of Linux virtual machines. | +| [`agentPools`](#parameter-agentpools) | array | Define one or more secondary/additional agent pools. | +| [`authorizedIPRanges`](#parameter-authorizedipranges) | array | IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. | +| [`autoScalerProfileBalanceSimilarNodeGroups`](#parameter-autoscalerprofilebalancesimilarnodegroups) | string | Specifies the balance of similar node groups for the auto-scaler of the AKS cluster. | +| [`autoScalerProfileExpander`](#parameter-autoscalerprofileexpander) | string | Specifies the expand strategy for the auto-scaler of the AKS cluster. | +| [`autoScalerProfileMaxEmptyBulkDelete`](#parameter-autoscalerprofilemaxemptybulkdelete) | string | Specifies the maximum empty bulk delete for the auto-scaler of the AKS cluster. | +| [`autoScalerProfileMaxGracefulTerminationSec`](#parameter-autoscalerprofilemaxgracefulterminationsec) | string | Specifies the max graceful termination time interval in seconds for the auto-scaler of the AKS cluster. | +| [`autoScalerProfileMaxNodeProvisionTime`](#parameter-autoscalerprofilemaxnodeprovisiontime) | string | Specifies the maximum node provisioning time for the auto-scaler of the AKS cluster. Values must be an integer followed by an "m". No unit of time other than minutes (m) is supported. | +| [`autoScalerProfileMaxTotalUnreadyPercentage`](#parameter-autoscalerprofilemaxtotalunreadypercentage) | string | Specifies the mximum total unready percentage for the auto-scaler of the AKS cluster. The maximum is 100 and the minimum is 0. 
| +| [`autoScalerProfileNewPodScaleUpDelay`](#parameter-autoscalerprofilenewpodscaleupdelay) | string | For scenarios like burst/batch scale where you do not want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they are a certain age. Values must be an integer followed by a unit ("s" for seconds, "m" for minutes, "h" for hours, etc). | +| [`autoScalerProfileOkTotalUnreadyCount`](#parameter-autoscalerprofileoktotalunreadycount) | string | Specifies the OK total unready count for the auto-scaler of the AKS cluster. | +| [`autoScalerProfileScaleDownDelayAfterAdd`](#parameter-autoscalerprofilescaledowndelayafteradd) | string | Specifies the scale down delay after add of the auto-scaler of the AKS cluster. | +| [`autoScalerProfileScaleDownDelayAfterDelete`](#parameter-autoscalerprofilescaledowndelayafterdelete) | string | Specifies the scale down delay after delete of the auto-scaler of the AKS cluster. | +| [`autoScalerProfileScaleDownDelayAfterFailure`](#parameter-autoscalerprofilescaledowndelayafterfailure) | string | Specifies scale down delay after failure of the auto-scaler of the AKS cluster. | +| [`autoScalerProfileScaleDownUnneededTime`](#parameter-autoscalerprofilescaledownunneededtime) | string | Specifies the scale down unneeded time of the auto-scaler of the AKS cluster. | +| [`autoScalerProfileScaleDownUnreadyTime`](#parameter-autoscalerprofilescaledownunreadytime) | string | Specifies the scale down unready time of the auto-scaler of the AKS cluster. | +| [`autoScalerProfileScanInterval`](#parameter-autoscalerprofilescaninterval) | string | Specifies the scan interval of the auto-scaler of the AKS cluster. | +| [`autoScalerProfileSkipNodesWithLocalStorage`](#parameter-autoscalerprofileskipnodeswithlocalstorage) | string | Specifies if nodes with local storage should be skipped for the auto-scaler of the AKS cluster. 
| +| [`autoScalerProfileSkipNodesWithSystemPods`](#parameter-autoscalerprofileskipnodeswithsystempods) | string | Specifies if nodes with system pods should be skipped for the auto-scaler of the AKS cluster. | +| [`autoScalerProfileUtilizationThreshold`](#parameter-autoscalerprofileutilizationthreshold) | string | Specifies the utilization threshold of the auto-scaler of the AKS cluster. | +| [`autoUpgradeProfileUpgradeChannel`](#parameter-autoupgradeprofileupgradechannel) | string | Auto-upgrade channel on the AKS cluster. | +| [`azurePolicyEnabled`](#parameter-azurepolicyenabled) | bool | Specifies whether the azurepolicy add-on is enabled or not. For security reasons, this setting should be enabled. | +| [`azurePolicyVersion`](#parameter-azurepolicyversion) | string | Specifies the azure policy version to use. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. 
| +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableLocalAccounts`](#parameter-disablelocalaccounts) | bool | If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. | +| [`disableRunCommand`](#parameter-disableruncommand) | bool | Whether to disable run command for the cluster or not. | +| [`diskEncryptionSetID`](#parameter-diskencryptionsetid) | string | The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided. | +| [`dnsPrefix`](#parameter-dnsprefix) | string | Specifies the DNS prefix specified when creating the managed cluster. | +| [`dnsServiceIP`](#parameter-dnsserviceip) | string | Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | +| [`dnsZoneResourceId`](#parameter-dnszoneresourceid) | string | Specifies the resource ID of connected DNS zone. It will be ignored if `webApplicationRoutingEnabled` is set to `false`. | +| [`enableAzureDefender`](#parameter-enableazuredefender) | bool | Whether to enable Azure Defender. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableDnsZoneContributorRoleAssignment`](#parameter-enablednszonecontributorroleassignment) | bool | Specifies whether assing the DNS zone contributor role to the cluster service principal. It will be ignored if `webApplicationRoutingEnabled` is set to `false` or `dnsZoneResourceId` not provided. | +| [`enableKeyvaultSecretsProvider`](#parameter-enablekeyvaultsecretsprovider) | bool | Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. 
| +| [`enableOidcIssuerProfile`](#parameter-enableoidcissuerprofile) | bool | Whether the The OIDC issuer profile of the Managed Cluster is enabled. | +| [`enablePodSecurityPolicy`](#parameter-enablepodsecuritypolicy) | bool | Whether to enable Kubernetes pod security policy. Requires enabling the pod security policy feature flag on the subscription. | +| [`enablePrivateCluster`](#parameter-enableprivatecluster) | bool | Specifies whether to create the cluster as a private cluster or not. | +| [`enablePrivateClusterPublicFQDN`](#parameter-enableprivateclusterpublicfqdn) | bool | Whether to create additional public FQDN for private cluster or not. | +| [`enableRBAC`](#parameter-enablerbac) | bool | Whether to enable Kubernetes Role-Based Access Control. | +| [`enableSecretRotation`](#parameter-enablesecretrotation) | string | Specifies whether the KeyvaultSecretsProvider add-on uses secret rotation. | +| [`enableStorageProfileBlobCSIDriver`](#parameter-enablestorageprofileblobcsidriver) | bool | Whether the AzureBlob CSI Driver for the storage profile is enabled. | +| [`enableStorageProfileDiskCSIDriver`](#parameter-enablestorageprofilediskcsidriver) | bool | Whether the AzureDisk CSI Driver for the storage profile is enabled. | +| [`enableStorageProfileFileCSIDriver`](#parameter-enablestorageprofilefilecsidriver) | bool | Whether the AzureFile CSI Driver for the storage profile is enabled. | +| [`enableStorageProfileSnapshotController`](#parameter-enablestorageprofilesnapshotcontroller) | bool | Whether the snapshot controller for the storage profile is enabled. | +| [`enableWorkloadIdentity`](#parameter-enableworkloadidentity) | bool | Whether to enable Workload Identity. Requires OIDC issuer profile to be enabled. | +| [`fluxConfigurationProtectedSettings`](#parameter-fluxconfigurationprotectedsettings) | secureObject | Configuration settings that are sensitive, as name-value pairs for configuring this extension. 
| +| [`fluxExtension`](#parameter-fluxextension) | object | Settings and configurations for the flux extension. | +| [`httpApplicationRoutingEnabled`](#parameter-httpapplicationroutingenabled) | bool | Specifies whether the httpApplicationRouting add-on is enabled or not. | +| [`httpProxyConfig`](#parameter-httpproxyconfig) | object | Configurations for provisioning the cluster with HTTP proxy servers. | +| [`identityProfile`](#parameter-identityprofile) | object | Identities associated with the cluster. | +| [`ingressApplicationGatewayEnabled`](#parameter-ingressapplicationgatewayenabled) | bool | Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not. | +| [`kubeDashboardEnabled`](#parameter-kubedashboardenabled) | bool | Specifies whether the kubeDashboard add-on is enabled or not. | +| [`kubernetesVersion`](#parameter-kubernetesversion) | string | Version of Kubernetes specified when creating the managed cluster. | +| [`loadBalancerSku`](#parameter-loadbalancersku) | string | Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. | +| [`location`](#parameter-location) | string | Specifies the location of AKS cluster. It picks up Resource Group's location by default. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managedOutboundIPCount`](#parameter-managedoutboundipcount) | int | Outbound IP Count for the Load balancer. | +| [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. | +| [`networkDataplane`](#parameter-networkdataplane) | string | Network dataplane used in the Kubernetes cluster. Not compatible with kubenet network plugin. | +| [`networkPlugin`](#parameter-networkplugin) | string | Specifies the network plugin used for building Kubernetes network. | +| [`networkPluginMode`](#parameter-networkpluginmode) | string | Network plugin mode used for building the Kubernetes network. 
Not compatible with kubenet network plugin. | +| [`networkPolicy`](#parameter-networkpolicy) | string | Specifies the network policy used for building Kubernetes network. - calico or azure. | +| [`nodeResourceGroup`](#parameter-noderesourcegroup) | string | Name of the resource group containing agent pool nodes. | +| [`omsAgentEnabled`](#parameter-omsagentenabled) | bool | Specifies whether the OMS agent is enabled. | +| [`openServiceMeshEnabled`](#parameter-openservicemeshenabled) | bool | Specifies whether the openServiceMesh add-on is enabled or not. | +| [`outboundType`](#parameter-outboundtype) | string | Specifies outbound (egress) routing method. - loadBalancer or userDefinedRouting. | +| [`podCidr`](#parameter-podcidr) | string | Specifies the CIDR notation IP range from which to assign pod IPs when kubenet is used. | +| [`podIdentityProfileAllowNetworkPluginKubenet`](#parameter-podidentityprofileallownetworkpluginkubenet) | bool | Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. | +| [`podIdentityProfileEnable`](#parameter-podidentityprofileenable) | bool | Whether the pod identity addon is enabled. | +| [`podIdentityProfileUserAssignedIdentities`](#parameter-podidentityprofileuserassignedidentities) | array | The pod identities to use in the cluster. | +| [`podIdentityProfileUserAssignedIdentityExceptions`](#parameter-podidentityprofileuserassignedidentityexceptions) | array | The pod identity exceptions to allow. | +| [`privateDNSZone`](#parameter-privatednszone) | string | Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`serviceCidr`](#parameter-servicecidr) | string | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | +| [`skuTier`](#parameter-skutier) | string | Tier of a managed cluster SKU. - Free or Standard. | +| [`sshPublicKey`](#parameter-sshpublickey) | string | Specifies the SSH RSA public key string for the Linux nodes. | +| [`supportPlan`](#parameter-supportplan) | string | The support plan for the Managed Cluster. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`webApplicationRoutingEnabled`](#parameter-webapplicationroutingenabled) | bool | Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. | + +### Parameter: `aadProfileAdminGroupObjectIDs` + +Specifies the AAD group object IDs that will have admin role of the cluster. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `aadProfileClientAppID` + +The client AAD application ID. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `aadProfileEnableAzureRBAC` + +Specifies whether to enable Azure RBAC for Kubernetes authorization. 
+- Required: No +- Type: bool +- Default: `[parameters('enableRBAC')]` + +### Parameter: `aadProfileManaged` + +Specifies whether to enable managed AAD integration. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `aadProfileServerAppID` + +The server AAD application ID. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `aadProfileServerAppSecret` + +The server AAD application secret. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `aadProfileTenantId` + +Specifies the tenant ID of the Azure Active Directory used by the AKS cluster for authentication. +- Required: No +- Type: string +- Default: `[subscription().tenantId]` + +### Parameter: `aciConnectorLinuxEnabled` + +Specifies whether the aciConnectorLinux add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `adminUsername` + +Specifies the administrator username of Linux virtual machines. +- Required: No +- Type: string +- Default: `'azureuser'` + +### Parameter: `agentPools` + +Define one or more secondary/additional agent pools. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `aksServicePrincipalProfile` + +Information about a service principal identity for the cluster to use for manipulating Azure APIs. Required if no managed identities are assigned to the cluster. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `appGatewayResourceId` + +Specifies the resource ID of connected application gateway. Required if `ingressApplicationGatewayEnabled` is set to `true`. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `authorizedIPRanges` + +IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `autoScalerProfileBalanceSimilarNodeGroups` + +Specifies the balance of similar node groups for the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'false'` +- Allowed: `[false, true]` + +### Parameter: `autoScalerProfileExpander` + +Specifies the expand strategy for the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'random'` +- Allowed: `[least-waste, most-pods, priority, random]` + +### Parameter: `autoScalerProfileMaxEmptyBulkDelete` + +Specifies the maximum empty bulk delete for the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'10'` + +### Parameter: `autoScalerProfileMaxGracefulTerminationSec` + +Specifies the max graceful termination time interval in seconds for the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'600'` + +### Parameter: `autoScalerProfileMaxNodeProvisionTime` + +Specifies the maximum node provisioning time for the auto-scaler of the AKS cluster. Values must be an integer followed by an "m". No unit of time other than minutes (m) is supported. +- Required: No +- Type: string +- Default: `'15m'` + +### Parameter: `autoScalerProfileMaxTotalUnreadyPercentage` + +Specifies the mximum total unready percentage for the auto-scaler of the AKS cluster. The maximum is 100 and the minimum is 0. +- Required: No +- Type: string +- Default: `'45'` + +### Parameter: `autoScalerProfileNewPodScaleUpDelay` + +For scenarios like burst/batch scale where you do not want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they are a certain age. Values must be an integer followed by a unit ("s" for seconds, "m" for minutes, "h" for hours, etc). 
+- Required: No +- Type: string +- Default: `'0s'` + +### Parameter: `autoScalerProfileOkTotalUnreadyCount` + +Specifies the OK total unready count for the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'3'` + +### Parameter: `autoScalerProfileScaleDownDelayAfterAdd` + +Specifies the scale down delay after add of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'10m'` + +### Parameter: `autoScalerProfileScaleDownDelayAfterDelete` + +Specifies the scale down delay after delete of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'20s'` + +### Parameter: `autoScalerProfileScaleDownDelayAfterFailure` + +Specifies scale down delay after failure of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'3m'` + +### Parameter: `autoScalerProfileScaleDownUnneededTime` + +Specifies the scale down unneeded time of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'10m'` + +### Parameter: `autoScalerProfileScaleDownUnreadyTime` + +Specifies the scale down unready time of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'20m'` + +### Parameter: `autoScalerProfileScanInterval` + +Specifies the scan interval of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'10s'` + +### Parameter: `autoScalerProfileSkipNodesWithLocalStorage` + +Specifies if nodes with local storage should be skipped for the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'true'` +- Allowed: `[false, true]` + +### Parameter: `autoScalerProfileSkipNodesWithSystemPods` + +Specifies if nodes with system pods should be skipped for the auto-scaler of the AKS cluster. 
+- Required: No +- Type: string +- Default: `'true'` +- Allowed: `[false, true]` + +### Parameter: `autoScalerProfileUtilizationThreshold` + +Specifies the utilization threshold of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'0.5'` + +### Parameter: `autoUpgradeProfileUpgradeChannel` + +Auto-upgrade channel on the AKS cluster. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', node-image, none, patch, rapid, stable]` + +### Parameter: `azurePolicyEnabled` + +Specifies whether the azurepolicy add-on is enabled or not. For security reasons, this setting should be enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `azurePolicyVersion` + +Specifies the azure policy version to use. +- Required: No +- Type: string +- Default: `'v2'` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, cluster-autoscaler, guard, kube-apiserver, kube-audit, kube-audit-admin, kube-controller-manager, kube-scheduler]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. 
If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAccounts` + +If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `disableRunCommand` + +Whether to disable run command for the cluster or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `diskEncryptionSetID` + +The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dnsPrefix` + +Specifies the DNS prefix specified when creating the managed cluster. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `dnsServiceIP` + +Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dnsZoneResourceId` + +Specifies the resource ID of connected DNS zone. It will be ignored if `webApplicationRoutingEnabled` is set to `false`. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableAzureDefender` + +Whether to enable Azure Defender. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDnsZoneContributorRoleAssignment` + +Specifies whether assing the DNS zone contributor role to the cluster service principal. It will be ignored if `webApplicationRoutingEnabled` is set to `false` or `dnsZoneResourceId` not provided. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableKeyvaultSecretsProvider` + +Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableOidcIssuerProfile` + +Whether the The OIDC issuer profile of the Managed Cluster is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enablePodSecurityPolicy` + +Whether to enable Kubernetes pod security policy. Requires enabling the pod security policy feature flag on the subscription. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enablePrivateCluster` + +Specifies whether to create the cluster as a private cluster or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enablePrivateClusterPublicFQDN` + +Whether to create additional public FQDN for private cluster or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableRBAC` + +Whether to enable Kubernetes Role-Based Access Control. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableSecretRotation` + +Specifies whether the KeyvaultSecretsProvider add-on uses secret rotation. +- Required: No +- Type: string +- Default: `'false'` +- Allowed: `[false, true]` + +### Parameter: `enableStorageProfileBlobCSIDriver` + +Whether the AzureBlob CSI Driver for the storage profile is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableStorageProfileDiskCSIDriver` + +Whether the AzureDisk CSI Driver for the storage profile is enabled. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableStorageProfileFileCSIDriver` + +Whether the AzureFile CSI Driver for the storage profile is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableStorageProfileSnapshotController` + +Whether the snapshot controller for the storage profile is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableWorkloadIdentity` + +Whether to enable Workload Identity. Requires OIDC issuer profile to be enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `fluxConfigurationProtectedSettings` + +Configuration settings that are sensitive, as name-value pairs for configuring this extension. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `fluxExtension` + +Settings and configurations for the flux extension. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `httpApplicationRoutingEnabled` + +Specifies whether the httpApplicationRouting add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `httpProxyConfig` + +Configurations for provisioning the cluster with HTTP proxy servers. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `identityProfile` + +Identities associated with the cluster. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `ingressApplicationGatewayEnabled` + +Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `kubeDashboardEnabled` + +Specifies whether the kubeDashboard add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `kubernetesVersion` + +Version of Kubernetes specified when creating the managed cluster. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `loadBalancerSku` + +Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. +- Required: No +- Type: string +- Default: `'standard'` +- Allowed: `[basic, standard]` + +### Parameter: `location` + +Specifies the location of AKS cluster. It picks up Resource Group's location by default. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managedOutboundIPCount` + +Outbound IP Count for the Load balancer. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `monitoringWorkspaceId` + +Resource ID of the monitoring log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +Specifies the name of the AKS cluster. +- Required: Yes +- Type: string + +### Parameter: `networkDataplane` + +Network dataplane used in the Kubernetes cluster. Not compatible with kubenet network plugin. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', azure, cilium]` + +### Parameter: `networkPlugin` + +Specifies the network plugin used for building Kubernetes network. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', azure, kubenet]` + +### Parameter: `networkPluginMode` + +Network plugin mode used for building the Kubernetes network. Not compatible with kubenet network plugin. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', overlay]` + +### Parameter: `networkPolicy` + +Specifies the network policy used for building Kubernetes network. - calico or azure. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', azure, calico]` + +### Parameter: `nodeResourceGroup` + +Name of the resource group containing agent pool nodes. 
+- Required: No +- Type: string +- Default: `[format('{0}_aks_{1}_nodes', resourceGroup().name, parameters('name'))]` + +### Parameter: `omsAgentEnabled` + +Specifies whether the OMS agent is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `openServiceMeshEnabled` + +Specifies whether the openServiceMesh add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `outboundType` + +Specifies outbound (egress) routing method. - loadBalancer or userDefinedRouting. +- Required: No +- Type: string +- Default: `'loadBalancer'` +- Allowed: `[loadBalancer, userDefinedRouting]` + +### Parameter: `podCidr` + +Specifies the CIDR notation IP range from which to assign pod IPs when kubenet is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `podIdentityProfileAllowNetworkPluginKubenet` + +Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `podIdentityProfileEnable` + +Whether the pod identity addon is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `podIdentityProfileUserAssignedIdentities` + +The pod identities to use in the cluster. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `podIdentityProfileUserAssignedIdentityExceptions` + +The pod identity exceptions to allow. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `primaryAgentPoolProfile` + +Properties of the primary agent pool. +- Required: Yes +- Type: array + +### Parameter: `privateDNSZone` + +Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceCidr` + +A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `skuTier` + +Tier of a managed cluster SKU. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Premium, Standard]` + +### Parameter: `sshPublicKey` + +Specifies the SSH RSA public key string for the Linux nodes. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `supportPlan` + +The support plan for the Managed Cluster. +- Required: No +- Type: string +- Default: `'KubernetesOfficial'` +- Allowed: `[AKSLongTermSupport, KubernetesOfficial]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `webApplicationRoutingEnabled` + +Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `addonProfiles` | object | The addonProfiles of the Kubernetes cluster. 
| +| `controlPlaneFQDN` | string | The control plane FQDN of the managed cluster. | +| `keyvaultIdentityClientId` | string | The Client ID of the Key Vault Secrets Provider identity. | +| `keyvaultIdentityObjectId` | string | The Object ID of the Key Vault Secrets Provider identity. | +| `kubeletidentityObjectId` | string | The Object ID of the AKS identity. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the managed cluster. | +| `oidcIssuerUrl` | string | The OIDC token issuer URL. | +| `omsagentIdentityObjectId` | string | The Object ID of the OMS agent identity. | +| `resourceGroupName` | string | The resource group the managed cluster was deployed into. | +| `resourceId` | string | The resource ID of the managed cluster. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/kubernetes-configuration/extension` | Local reference | +| `modules/kubernetes-configuration/flux-configuration` | Local reference | + ## Notes ### Parameter Usage: `httpProxyConfig` diff --git a/modules/container-service/managed-cluster/agent-pool/README.md b/modules/container-service/managed-cluster/agent-pool/README.md index 56fd616524..3c02efae7a 100644 --- a/modules/container-service/managed-cluster/agent-pool/README.md +++ b/modules/container-service/managed-cluster/agent-pool/README.md 
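Review bot: In the managed-cluster README hunk that ends just above, the added section for `aadProfileServerAppSecret` documents "The server AAD application secret." as `Type: string` with `Default: ''`, whereas `fluxConfigurationProtectedSettings` in the same hunk is typed `secureObject`. Since the ReadMe is generated from the template, the fix belongs in the template: mark the secret parameter with `@secure()` so its value is not written to the deployment history, then regenerate the file. Smaller points in the same hunk, also to be corrected in the template descriptions: `skuTier` is described as "Free or Standard" while its Allowed list is `[Free, Premium, Standard]`, and several descriptions carry typos ("mximum", "assing", "the The OIDC issuer profile", "disc encryption set").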
@@ -4,12 +4,12 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
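Review bot: The renamed navigation entry `[Resource Types](#Resource-Types)` uses a mixed-case fragment, while the parameter links this patch adds to the same ReadMe use lowercase fragments such as `#parameter-name`. GitHub generates lowercase heading anchors, so `#resource-types` would be the consistent form, and the other navigation entries (`#Parameters`, `#Outputs`, `#Cross-referenced-modules`) could be lowercased in the generator at the same time. The heading itself also moves to title case (`## Resource Types`) while `Cross-referenced modules` stays in sentence case; pick one convention for the generated headers.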
@@ -19,60 +19,324 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the agent pool. | +| [`name`](#parameter-name) | string | Name of the agent pool. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `managedClusterName` | string | The name of the parent managed cluster. Required if the template is used in a standalone deployment. | +| [`managedClusterName`](#parameter-managedclustername) | string | The name of the parent managed cluster. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `availabilityZones` | array | `[]` | | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is "VirtualMachineScaleSets". | -| `count` | int | `1` | | Desired Number of agents (VMs) specified to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. | -| `enableAutoScaling` | bool | `False` | | Whether to enable auto-scaler. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableEncryptionAtHost` | bool | `False` | | This is only supported on certain VM sizes and in certain Azure regions. For more information, see: /azure/aks/enable-host-encryption. For security reasons, this setting should be enabled. | -| `enableFIPS` | bool | `False` | | See Add a FIPS-enabled node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details. 
| -| `enableNodePublicIP` | bool | `False` | | Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). | -| `enableUltraSSD` | bool | `False` | | Whether to enable UltraSSD. | -| `gpuInstanceProfile` | string | `''` | `['', MIG1g, MIG2g, MIG3g, MIG4g, MIG7g]` | GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. | -| `kubeletDiskType` | string | `''` | | Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. | -| `maxCount` | int | `-1` | | The maximum number of nodes for auto-scaling. | -| `maxPods` | int | `-1` | | The maximum number of pods that can run on a node. | -| `maxSurge` | string | `''` | | This can either be set to an integer (e.g. "5") or a percentage (e.g. "50%"). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: /azure/aks/upgrade-cluster#customize-node-surge-upgrade. | -| `minCount` | int | `-1` | | The minimum number of nodes for auto-scaling. | -| `mode` | string | `''` | | A cluster must have at least one "System" Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: /azure/aks/use-system-pools. | -| `nodeLabels` | object | `{object}` | | The node labels to be persisted across all nodes in agent pool. | -| `nodePublicIpPrefixId` | string | `''` | | ResourceId of the node PublicIPPrefix. 
| -| `nodeTaints` | array | `[]` | | The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. | -| `orchestratorVersion` | string | `''` | | As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). | -| `osDiskSizeGB` | int | `0` | | OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. | -| `osDiskType` | string | `''` | `['', Ephemeral, Managed]` | The default is "Ephemeral" if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to "Managed". May not be changed after creation. For more information see Ephemeral OS (https://learn.microsoft.com/en-us/azure/aks/cluster-configuration#ephemeral-os). | -| `osSku` | string | `''` | `['', AzureLinux, CBLMariner, Ubuntu, Windows2019, Windows2022]` | Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. | -| `osType` | string | `'Linux'` | `[Linux, Windows]` | The operating system type. The default is Linux. | -| `podSubnetId` | string | `''` | | Subnet ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | -| `proximityPlacementGroupResourceId` | string | `''` | | The ID for the Proximity Placement Group. | -| `scaleDownMode` | string | `'Delete'` | `[Deallocate, Delete]` | Describes how VMs are added to or removed from Agent Pools. See billing states (https://learn.microsoft.com/en-us/azure/virtual-machines/states-billing). | -| `scaleSetEvictionPolicy` | string | `'Delete'` | `[Deallocate, Delete]` | The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs. | -| `scaleSetPriority` | string | `''` | `['', Regular, Spot]` | The Virtual Machine Scale Set priority. | -| `sourceResourceId` | string | `''` | | This is the ARM ID of the source object to be used to create the target object. | -| `spotMaxPrice` | int | `-1` | | Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing (https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms#pricing). | -| `tags` | object | `{object}` | | Tags of the resource. | -| `type` | string | `''` | | The type of Agent Pool. | -| `vmSize` | string | `'Standard_D2s_v3'` | | VM size. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions. | -| `vnetSubnetId` | string | `''` | | Node Subnet ID. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | -| `workloadRuntime` | string | `''` | | Determines the type of workload a node can run. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`availabilityZones`](#parameter-availabilityzones) | array | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is "VirtualMachineScaleSets". | +| [`count`](#parameter-count) | int | Desired Number of agents (VMs) specified to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. | +| [`enableAutoScaling`](#parameter-enableautoscaling) | bool | Whether to enable auto-scaler. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableEncryptionAtHost`](#parameter-enableencryptionathost) | bool | This is only supported on certain VM sizes and in certain Azure regions. For more information, see: /azure/aks/enable-host-encryption. For security reasons, this setting should be enabled. | +| [`enableFIPS`](#parameter-enablefips) | bool | See Add a FIPS-enabled node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details. | +| [`enableNodePublicIP`](#parameter-enablenodepublicip) | bool | Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). 
| +| [`enableUltraSSD`](#parameter-enableultrassd) | bool | Whether to enable UltraSSD. | +| [`gpuInstanceProfile`](#parameter-gpuinstanceprofile) | string | GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. | +| [`kubeletDiskType`](#parameter-kubeletdisktype) | string | Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. | +| [`maxCount`](#parameter-maxcount) | int | The maximum number of nodes for auto-scaling. | +| [`maxPods`](#parameter-maxpods) | int | The maximum number of pods that can run on a node. | +| [`maxSurge`](#parameter-maxsurge) | string | This can either be set to an integer (e.g. "5") or a percentage (e.g. "50%"). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: /azure/aks/upgrade-cluster#customize-node-surge-upgrade. | +| [`minCount`](#parameter-mincount) | int | The minimum number of nodes for auto-scaling. | +| [`mode`](#parameter-mode) | string | A cluster must have at least one "System" Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: /azure/aks/use-system-pools. | +| [`nodeLabels`](#parameter-nodelabels) | object | The node labels to be persisted across all nodes in agent pool. | +| [`nodePublicIpPrefixId`](#parameter-nodepublicipprefixid) | string | ResourceId of the node PublicIPPrefix. | +| [`nodeTaints`](#parameter-nodetaints) | array | The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. | +| [`orchestratorVersion`](#parameter-orchestratorversion) | string | As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. 
The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). | +| [`osDiskSizeGB`](#parameter-osdisksizegb) | int | OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. | +| [`osDiskType`](#parameter-osdisktype) | string | The default is "Ephemeral" if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to "Managed". May not be changed after creation. For more information see Ephemeral OS (https://learn.microsoft.com/en-us/azure/aks/cluster-configuration#ephemeral-os). | +| [`osSku`](#parameter-ossku) | string | Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. | +| [`osType`](#parameter-ostype) | string | The operating system type. The default is Linux. | +| [`podSubnetId`](#parameter-podsubnetid) | string | Subnet ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | +| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | The ID for the Proximity Placement Group. | +| [`scaleDownMode`](#parameter-scaledownmode) | string | Describes how VMs are added to or removed from Agent Pools. See billing states (https://learn.microsoft.com/en-us/azure/virtual-machines/states-billing). 
| +| [`scaleSetEvictionPolicy`](#parameter-scalesetevictionpolicy) | string | The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs. | +| [`scaleSetPriority`](#parameter-scalesetpriority) | string | The Virtual Machine Scale Set priority. | +| [`sourceResourceId`](#parameter-sourceresourceid) | string | This is the ARM ID of the source object to be used to create the target object. | +| [`spotMaxPrice`](#parameter-spotmaxprice) | int | Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing (https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms#pricing). | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`type`](#parameter-type) | string | The type of Agent Pool. | +| [`vmSize`](#parameter-vmsize) | string | VM size. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions. | +| [`vnetSubnetId`](#parameter-vnetsubnetid) | string | Node Subnet ID. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | +| [`workloadRuntime`](#parameter-workloadruntime) | string | Determines the type of workload a node can run. | + +### Parameter: `availabilityZones` + +The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is "VirtualMachineScaleSets". 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `count` + +Desired Number of agents (VMs) specified to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `enableAutoScaling` + +Whether to enable auto-scaler. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableEncryptionAtHost` + +This is only supported on certain VM sizes and in certain Azure regions. For more information, see: /azure/aks/enable-host-encryption. For security reasons, this setting should be enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableFIPS` + +See Add a FIPS-enabled node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableNodePublicIP` + +Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableUltraSSD` + +Whether to enable UltraSSD. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `gpuInstanceProfile` + +GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', MIG1g, MIG2g, MIG3g, MIG4g, MIG7g]` + +### Parameter: `kubeletDiskType` + +Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `managedClusterName` + +The name of the parent managed cluster. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `maxCount` + +The maximum number of nodes for auto-scaling. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `maxPods` + +The maximum number of pods that can run on a node. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `maxSurge` + +This can either be set to an integer (e.g. "5") or a percentage (e.g. "50%"). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: /azure/aks/upgrade-cluster#customize-node-surge-upgrade. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `minCount` + +The minimum number of nodes for auto-scaling. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `mode` + +A cluster must have at least one "System" Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: /azure/aks/use-system-pools. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +Name of the agent pool. +- Required: Yes +- Type: string + +### Parameter: `nodeLabels` + +The node labels to be persisted across all nodes in agent pool. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `nodePublicIpPrefixId` + +ResourceId of the node PublicIPPrefix. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `nodeTaints` + +The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `orchestratorVersion` + +As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `osDiskSizeGB` + +OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `osDiskType` + +The default is "Ephemeral" if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to "Managed". May not be changed after creation. For more information see Ephemeral OS (https://learn.microsoft.com/en-us/azure/aks/cluster-configuration#ephemeral-os). +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Ephemeral, Managed]` + +### Parameter: `osSku` + +Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', AzureLinux, CBLMariner, Ubuntu, Windows2019, Windows2022]` + +### Parameter: `osType` + +The operating system type. The default is Linux. 
+- Required: No +- Type: string +- Default: `'Linux'` +- Allowed: `[Linux, Windows]` + +### Parameter: `podSubnetId` + +Subnet ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `proximityPlacementGroupResourceId` + +The ID for the Proximity Placement Group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `scaleDownMode` + +Describes how VMs are added to or removed from Agent Pools. See billing states (https://learn.microsoft.com/en-us/azure/virtual-machines/states-billing). +- Required: No +- Type: string +- Default: `'Delete'` +- Allowed: `[Deallocate, Delete]` + +### Parameter: `scaleSetEvictionPolicy` + +The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs. +- Required: No +- Type: string +- Default: `'Delete'` +- Allowed: `[Deallocate, Delete]` + +### Parameter: `scaleSetPriority` + +The Virtual Machine Scale Set priority. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Regular, Spot]` + +### Parameter: `sourceResourceId` + +This is the ARM ID of the source object to be used to create the target object. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `spotMaxPrice` + +Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing (https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms#pricing). +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `tags` + +Tags of the resource. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `type` + +The type of Agent Pool. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `vmSize` + +VM size. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions. +- Required: No +- Type: string +- Default: `'Standard_D2s_v3'` + +### Parameter: `vnetSubnetId` + +Node Subnet ID. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `workloadRuntime` + +Determines the type of workload a node can run. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the agent pool. | | `resourceGroupName` | string | The resource group the agent pool was deployed into. | diff --git a/modules/container-service/managed-cluster/agent-pool/main.json b/modules/container-service/managed-cluster/agent-pool/main.json index a99f675bf9..9325db5ebe 100644 --- a/modules/container-service/managed-cluster/agent-pool/main.json +++ b/modules/container-service/managed-cluster/agent-pool/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15838012443949702483" + "version": "0.22.6.54827", + "templateHash": "4102221439423294777" }, "name": "Azure Kubernetes Service (AKS) Managed Cluster Agent Pools", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool.", 
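Review bot: In the agent-pool README parameter sections above, `enableEncryptionAtHost` carries the text "For security reasons, this setting should be enabled" but is documented with `Default: False`, so anyone deploying with defaults gets the state the description advises against. Since the README is generated from the template, either change the default in the module or reword the parameter description to say that host encryption stays off unless it is set explicitly. In the same hunk, `spotMaxPrice` is typed `int` while its description allows "any decimal value greater than zero"; an `int` cannot carry a decimal price, so the type or the wording needs to change. The bare `/azure/aks/...` paths in `enableEncryptionAtHost`, `maxSurge`, `mode` and `vmSize` are also not usable links, unlike the full `https://learn.microsoft.com/...` URLs in the neighbouring rows.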
diff --git a/modules/container-service/managed-cluster/main.json b/modules/container-service/managed-cluster/main.json index ee3d0499c8..ad17d46755 100644 --- a/modules/container-service/managed-cluster/main.json +++ b/modules/container-service/managed-cluster/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1411508113014099928" + "version": "0.22.6.54827", + "templateHash": "5840083578872726906" }, "name": "Azure Kubernetes Service (AKS) Managed Clusters", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.", @@ -1102,8 +1102,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15838012443949702483" + "version": "0.22.6.54827", + "templateHash": "4102221439423294777" }, "name": "Azure Kubernetes Service (AKS) Managed Cluster Agent Pools", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool.", @@ -1545,8 +1545,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14913275975998013893" + "version": "0.22.6.54827", + "templateHash": "5002606439705018990" }, "name": "Kubernetes Configuration Extensions", "description": "This module deploys a Kubernetes Configuration Extension.", @@ -1708,8 +1708,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11648869363176032755" + "version": "0.22.6.54827", + "templateHash": "6686104224333946371" }, "name": "Kubernetes Configuration Flux Configurations", "description": "This module deploys a Kubernetes Configuration Flux Configuration.", @@ -1929,8 +1929,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11132457537180081397" + "version": "0.22.6.54827", + "templateHash": "921005320898310167" } }, "parameters": { 
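Review bot: The visible hunks in `agent-pool/main.json` and `managed-cluster/main.json` change nothing but `_generator.version` (0.21.1.54444 to 0.22.6.54827) and the `templateHash` values, so the compiled templates were rebuilt with a different Bicep version as a side effect of this change. The description should state which Bicep version contributors and CI are expected to build with; otherwise the next regeneration with another version rewrites every hash again and hides real template changes in the noise. The nested agent-pool hash here (`4102221439423294777`) matches the standalone `agent-pool/main.json`, which is a consistency check worth keeping in the pipeline.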
diff --git a/modules/data-factory/factory/.test/common/main.test.bicep b/modules/data-factory/factory/.test/common/main.test.bicep index 31c1fa8500..9d7ac74872 100644 --- a/modules/data-factory/factory/.test/common/main.test.bicep +++ b/modules/data-factory/factory/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/data-factory/factory/.test/min/main.test.bicep b/modules/data-factory/factory/.test/min/main.test.bicep index 9f0e43eef7..f5dadd9372 100644 --- a/modules/data-factory/factory/.test/min/main.test.bicep +++ b/modules/data-factory/factory/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/data-factory/factory/README.md b/modules/data-factory/factory/README.md index 02ca57084e..f9473fa622 100644 --- a/modules/data-factory/factory/README.md +++ b/modules/data-factory/factory/README.md @@ -4,14 +4,14 @@ This module deploys a Data Factory. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
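Review bot: The navigation list in `data-factory/factory/README.md` now uses mixed-case fragments (`#Resource-Types`, `#Usage-examples`), while the parameter tables added later in this file link to lowercase fragments such as `#parameter-name`. Heading ids are normally generated in lowercase, so the generator should emit lowercase fragments throughout rather than rely on the renderer to match them case-insensitively. The heading rename to "Resource Types" also leaves the capitalization inconsistent with "Usage examples" and "Cross-referenced modules"; pick title case or sentence case for all generated headings.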
@@ -25,91 +25,28 @@ This module deploys a Data Factory. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Azure Factory to create. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | - -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/data-factory.factory:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
| -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', ActivityRuns, allLogs, PipelineRuns, SSISIntegrationRuntimeLogs, SSISPackageEventMessageContext, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, TriggerRuns]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `gitAccountName` | string | `''` | | The account name. | -| `gitCollaborationBranch` | string | `'main'` | | The collaboration branch name. Default is 'main'. | -| `gitConfigureLater` | bool | `True` | | Boolean to define whether or not to configure git during template deployment. | -| `gitDisablePublish` | bool | `False` | | Disable manual publish operation in ADF studio to favor automated publish. | -| `gitHostName` | string | `''` | | The GitHub Enterprise Server host (prefixed with 'https://'). Only relevant for 'FactoryGitHubConfiguration'. 
| -| `gitProjectName` | string | `''` | | The project name. Only relevant for 'FactoryVSTSConfiguration'. | -| `gitRepositoryName` | string | `''` | | The repository name. | -| `gitRepoType` | string | `'FactoryVSTSConfiguration'` | | Repository type - can be 'FactoryVSTSConfiguration' or 'FactoryGitHubConfiguration'. Default is 'FactoryVSTSConfiguration'. | -| `gitRootFolder` | string | `'/'` | | The root folder path name. Default is '/'. | -| `globalParameters` | object | `{object}` | | List of Global Parameters for the factory. | -| `integrationRuntimes` | array | `[]` | | An array of objects for the configuration of an Integration Runtime. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managedPrivateEndpoints` | array | `[]` | | An array of managed private endpoints objects created in the Data Factory managed virtual network. | -| `managedVirtualNetworkName` | string | `''` | | The name of the Managed Virtual Network. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The Name of the Azure Data Factory instance. | -| `resourceGroupName` | string | The name of the Resource Group with the Data factory. | -| `resourceId` | string | The Resource ID of the Data factory. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module factory './data-factory/factory/main.bicep' = { +module factory 'br:bicep/modules/data-factory.factory:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dffcom' params: { // Required parameters @@ -333,14 +270,17 @@ module factory './data-factory/factory/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module factory './data-factory/factory/main.bicep' = { +module factory 'br:bicep/modules/data-factory.factory:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dffmin' params: { // Required parameters @@ -379,6 +319,317 @@ module factory './data-factory/factory/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Azure Factory to create. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. 
| +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`gitAccountName`](#parameter-gitaccountname) | string | The account name. | +| [`gitCollaborationBranch`](#parameter-gitcollaborationbranch) | string | The collaboration branch name. Default is 'main'. | +| [`gitConfigureLater`](#parameter-gitconfigurelater) | bool | Boolean to define whether or not to configure git during template deployment. | +| [`gitDisablePublish`](#parameter-gitdisablepublish) | bool | Disable manual publish operation in ADF studio to favor automated publish. | +| [`gitHostName`](#parameter-githostname) | string | The GitHub Enterprise Server host (prefixed with 'https://'). Only relevant for 'FactoryGitHubConfiguration'. | +| [`gitProjectName`](#parameter-gitprojectname) | string | The project name. Only relevant for 'FactoryVSTSConfiguration'. | +| [`gitRepositoryName`](#parameter-gitrepositoryname) | string | The repository name. | +| [`gitRepoType`](#parameter-gitrepotype) | string | Repository type - can be 'FactoryVSTSConfiguration' or 'FactoryGitHubConfiguration'. Default is 'FactoryVSTSConfiguration'. | +| [`gitRootFolder`](#parameter-gitrootfolder) | string | The root folder path name. Default is '/'. | +| [`globalParameters`](#parameter-globalparameters) | object | List of Global Parameters for the factory. | +| [`integrationRuntimes`](#parameter-integrationruntimes) | array | An array of objects for the configuration of an Integration Runtime. 
| +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managedPrivateEndpoints`](#parameter-managedprivateendpoints) | array | An array of managed private endpoints objects created in the Data Factory managed virtual network. | +| [`managedVirtualNetworkName`](#parameter-managedvirtualnetworkname) | string | The name of the Managed Virtual Network. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', ActivityRuns, allLogs, PipelineRuns, SSISIntegrationRuntimeLogs, SSISPackageEventMessageContext, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, TriggerRuns]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `gitAccountName` + +The account name. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `gitCollaborationBranch` + +The collaboration branch name. Default is 'main'. +- Required: No +- Type: string +- Default: `'main'` + +### Parameter: `gitConfigureLater` + +Boolean to define whether or not to configure git during template deployment. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `gitDisablePublish` + +Disable manual publish operation in ADF studio to favor automated publish. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `gitHostName` + +The GitHub Enterprise Server host (prefixed with 'https://'). Only relevant for 'FactoryGitHubConfiguration'. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `gitProjectName` + +The project name. Only relevant for 'FactoryVSTSConfiguration'. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `gitRepositoryName` + +The repository name. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `gitRepoType` + +Repository type - can be 'FactoryVSTSConfiguration' or 'FactoryGitHubConfiguration'. Default is 'FactoryVSTSConfiguration'. +- Required: No +- Type: string +- Default: `'FactoryVSTSConfiguration'` + +### Parameter: `gitRootFolder` + +The root folder path name. Default is '/'. +- Required: No +- Type: string +- Default: `'/'` + +### Parameter: `globalParameters` + +List of Global Parameters for the factory. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `integrationRuntimes` + +An array of objects for the configuration of an Integration Runtime. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managedPrivateEndpoints` + +An array of managed private endpoints objects created in the Data Factory managed virtual network. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `managedVirtualNetworkName` + +The name of the Managed Virtual Network. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the Azure Factory to create. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The Name of the Azure Data Factory instance. | +| `resourceGroupName` | string | The name of the Resource Group with the Data factory. | +| `resourceId` | string | The Resource ID of the Data factory. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + ## Notes ### Parameter Usage: `managedPrivateEndpoints` diff --git a/modules/data-factory/factory/integration-runtime/README.md b/modules/data-factory/factory/integration-runtime/README.md index 420d090782..27111ad237 100644 --- a/modules/data-factory/factory/integration-runtime/README.md +++ b/modules/data-factory/factory/integration-runtime/README.md 
@@ -4,13 +4,13 @@ This module deploys a Data Factory Managed or Self-Hosted Integration Runtime. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,29 +20,69 @@ This module deploys a Data Factory Managed or Self-Hosted Integration Runtime. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | The name of the Integration Runtime. | -| `type` | string | `[Managed, SelfHosted]` | The type of Integration Runtime. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Integration Runtime. | +| [`type`](#parameter-type) | string | The type of Integration Runtime. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dataFactoryName` | string | The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. | +| [`dataFactoryName`](#parameter-datafactoryname) | string | The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `managedVirtualNetworkName` | string | `''` | The name of the Managed Virtual Network if using type "Managed" . | -| `typeProperties` | object | `{object}` | Integration Runtime type properties. Required if type is "Managed". | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`managedVirtualNetworkName`](#parameter-managedvirtualnetworkname) | string | The name of the Managed Virtual Network if using type "Managed" . | +| [`typeProperties`](#parameter-typeproperties) | object | Integration Runtime type properties. Required if type is "Managed". | + +### Parameter: `dataFactoryName` + +The name of the parent Azure Data Factory. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `managedVirtualNetworkName` + +The name of the Managed Virtual Network if using type "Managed" . +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the Integration Runtime. +- Required: Yes +- Type: string + +### Parameter: `type` + +The type of Integration Runtime. +- Required: Yes +- Type: string +- Allowed: `[Managed, SelfHosted]` + +### Parameter: `typeProperties` + +Integration Runtime type properties. Required if type is "Managed". +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Integration Runtime. | | `resourceGroupName` | string | The name of the Resource Group the Integration Runtime was created in. | diff --git a/modules/data-factory/factory/integration-runtime/main.json b/modules/data-factory/factory/integration-runtime/main.json index bb811c619f..1622eb4e06 100644 --- a/modules/data-factory/factory/integration-runtime/main.json +++ b/modules/data-factory/factory/integration-runtime/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3532154338917341406" + "version": "0.22.6.54827", + "templateHash": "2407789138740487733" }, "name": "Data Factory Integration RunTimes", "description": "This module deploys a Data Factory Managed or Self-Hosted Integration Runtime.", diff --git a/modules/data-factory/factory/main.json b/modules/data-factory/factory/main.json index 377ac5f940..ca428834bc 100644 --- a/modules/data-factory/factory/main.json +++ b/modules/data-factory/factory/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "636961564143694705" + "version": "0.22.6.54827", + "templateHash": "5636410891768038353" }, "name": "Data Factories", "description": "This module deploys a Data Factory.", @@ -396,8 +396,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7244200630080980053" + "version": "0.22.6.54827", + "templateHash": "14273608975905052502" }, "name": "Data Factory Managed Virtual Networks", "description": "This module deploys a Data Factory Managed Virtual Network.", @@ -497,8 +497,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8218881783737158619" + "version": "0.22.6.54827", + "templateHash": "1490870890954327678" }, "name": "Data Factory Managed Virtual Network Managed PrivateEndpoints", "description": "This module deploys a Data Factory Managed Virtual Network Managed Private Endpoint.", @@ -666,8 +666,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1297850532911310740" + "version": "0.22.6.54827", + "templateHash": "2407789138740487733" }, "name": "Data Factory Integration RunTimes", "description": "This module deploys a Data Factory Managed or Self-Hosted Integration Runtime.", @@ -810,8 +810,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18228102662712097574" + "version": "0.22.6.54827", + "templateHash": "18126264566074899156" } }, "parameters": { @@ -971,8 +971,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", 
@@ -1171,8 +1171,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1309,8 +1309,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/data-factory/factory/managed-virtual-network/README.md b/modules/data-factory/factory/managed-virtual-network/README.md index cda18555b9..59b92e31fe 100644 --- a/modules/data-factory/factory/managed-virtual-network/README.md +++ b/modules/data-factory/factory/managed-virtual-network/README.md @@ -4,13 +4,13 @@ This module deploys a Data Factory Managed Virtual Network. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -21,27 +21,53 @@ This module deploys a Data Factory Managed Virtual Network. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the Managed Virtual Network. | +| [`name`](#parameter-name) | string | The name of the Managed Virtual Network. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dataFactoryName` | string | The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. | +| [`dataFactoryName`](#parameter-datafactoryname) | string | The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `managedPrivateEndpoints` | array | `[]` | An array of managed private endpoints objects created in the Data Factory managed virtual network. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`managedPrivateEndpoints`](#parameter-managedprivateendpoints) | array | An array of managed private endpoints objects created in the Data Factory managed virtual network. | + +### Parameter: `dataFactoryName` + +The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `managedPrivateEndpoints` + +An array of managed private endpoints objects created in the Data Factory managed virtual network. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The name of the Managed Virtual Network. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Managed Virtual Network. | | `resourceGroupName` | string | The name of the Resource Group the Managed Virtual Network was created in. | diff --git a/modules/data-factory/factory/managed-virtual-network/main.json b/modules/data-factory/factory/managed-virtual-network/main.json index 2885cf59b4..96dc5dd33b 100644 --- a/modules/data-factory/factory/managed-virtual-network/main.json +++ b/modules/data-factory/factory/managed-virtual-network/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12310194736024387290" + "version": "0.22.6.54827", + "templateHash": "14273608975905052502" }, "name": "Data Factory Managed Virtual Networks", "description": "This module deploys a Data Factory Managed Virtual Network.", @@ -105,8 +105,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17089196483393073819" + "version": "0.22.6.54827", + "templateHash": "1490870890954327678" }, "name": "Data Factory Managed Virtual Network Managed PrivateEndpoints", "description": "This module deploys a Data Factory Managed Virtual Network Managed Private Endpoint.", diff --git a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md index 7d3631961a..8d1265830d 100644 --- a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md +++ b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md 
@@ -19,30 +19,73 @@ This module deploys a Data Factory Managed Virtual Network Managed Private Endpo **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `fqdns` | array | Fully qualified domain names. | -| `groupId` | string | The groupId to which the managed private endpoint is created. | -| `managedVirtualNetworkName` | string | The name of the parent managed virtual network. | -| `name` | string | The managed private endpoint resource name. | -| `privateLinkResourceId` | string | The ARM resource ID of the resource to which the managed private endpoint is created. | +| [`fqdns`](#parameter-fqdns) | array | Fully qualified domain names. | +| [`groupId`](#parameter-groupid) | string | The groupId to which the managed private endpoint is created. | +| [`managedVirtualNetworkName`](#parameter-managedvirtualnetworkname) | string | The name of the parent managed virtual network. | +| [`name`](#parameter-name) | string | The managed private endpoint resource name. | +| [`privateLinkResourceId`](#parameter-privatelinkresourceid) | string | The ARM resource ID of the resource to which the managed private endpoint is created. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dataFactoryName` | string | The name of the parent data factory. Required if the template is used in a standalone deployment. | +| [`dataFactoryName`](#parameter-datafactoryname) | string | The name of the parent data factory. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `dataFactoryName` + +The name of the parent data factory. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `fqdns` + +Fully qualified domain names. +- Required: Yes +- Type: array + +### Parameter: `groupId` + +The groupId to which the managed private endpoint is created. +- Required: Yes +- Type: string + +### Parameter: `managedVirtualNetworkName` + +The name of the parent managed virtual network. +- Required: Yes +- Type: string + +### Parameter: `name` + +The managed private endpoint resource name. +- Required: Yes +- Type: string + +### Parameter: `privateLinkResourceId` + +The ARM resource ID of the resource to which the managed private endpoint is created. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed managed private endpoint. | | `resourceGroupName` | string | The resource group of the deployed managed private endpoint. | diff --git a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/main.json b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/main.json index aa4a6643bf..96606099ca 100644 --- a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/main.json +++ b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17089196483393073819" + "version": "0.22.6.54827", + "templateHash": "1490870890954327678" }, "name": "Data Factory Managed Virtual Network Managed PrivateEndpoints", "description": "This module deploys a Data Factory Managed Virtual Network Managed Private Endpoint.", diff --git a/modules/data-protection/backup-vault/.test/common/main.test.bicep b/modules/data-protection/backup-vault/.test/common/main.test.bicep index 218affe3d4..18be93ad16 100644 --- a/modules/data-protection/backup-vault/.test/common/main.test.bicep +++ b/modules/data-protection/backup-vault/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/data-protection/backup-vault/.test/min/main.test.bicep b/modules/data-protection/backup-vault/.test/min/main.test.bicep index 8fdcfd95c0..e96ec60caf 100644 --- a/modules/data-protection/backup-vault/.test/min/main.test.bicep +++ b/modules/data-protection/backup-vault/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/data-protection/backup-vault/README.md b/modules/data-protection/backup-vault/README.md index f0e7d4caee..bf67a3843d 100644 --- a/modules/data-protection/backup-vault/README.md +++ b/modules/data-protection/backup-vault/README.md 
@@ -5,10 +5,10 @@ This module deploys a Data Protection Backup Vault. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
@@ -20,61 +20,28 @@ This module deploys a Data Protection Backup Vault. | `Microsoft.DataProtection/backupVaults` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DataProtection/backupVaults) | | `Microsoft.DataProtection/backupVaults/backupPolicies` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DataProtection/backupVaults/backupPolicies) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Backup Vault. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `azureMonitorAlertSettingsAlertsForAllJobFailures` | string | `'Enabled'` | `[Disabled, Enabled]` | Settings for Azure Monitor based alerts for job failures. | -| `backupPolicies` | array | `[]` | | List of all backup policies. | -| `dataStoreType` | string | `'VaultStore'` | `[ArchiveStore, OperationalStore, VaultStore]` | The datastore type to use. ArchiveStore does not support ZoneRedundancy. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `featureSettings` | object | `{object}` | | Feature settings for the backup vault. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `securitySettings` | object | `{object}` | | Security settings for the backup vault. 
| -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the Recovery Service Vault resource. | -| `type` | string | `'GeoRedundant'` | `[GeoRedundant, LocallyRedundant, ZoneRedundant]` | The vault redundancy level to use. | - +## Usage examples -## Outputs +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The Name of the backup vault. | -| `resourceGroupName` | string | The name of the resource group the recovery services vault was created in. | -| `resourceId` | string | The resource ID of the backup vault. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/data-protection.backup-vault:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module backupVault './data-protection/backup-vault/main.bicep' = { +module backupVault 'br:bicep/modules/data-protection.backup-vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dpbvcom' params: { // Required parameters @@ -282,14 +249,17 @@ module backupVault './data-protection/backup-vault/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module backupVault './data-protection/backup-vault/main.bicep' = { +module backupVault 'br:bicep/modules/data-protection.backup-vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dpbvmin' params: { // Required parameters @@ -328,6 +298,140 @@ module backupVault './data-protection/backup-vault/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Backup Vault. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`azureMonitorAlertSettingsAlertsForAllJobFailures`](#parameter-azuremonitoralertsettingsalertsforalljobfailures) | string | Settings for Azure Monitor based alerts for job failures. | +| [`backupPolicies`](#parameter-backuppolicies) | array | List of all backup policies. | +| [`dataStoreType`](#parameter-datastoretype) | string | The datastore type to use. ArchiveStore does not support ZoneRedundancy. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`featureSettings`](#parameter-featuresettings) | object | Feature settings for the backup vault. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`securitySettings`](#parameter-securitysettings) | object | Security settings for the backup vault. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the Recovery Service Vault resource. | +| [`type`](#parameter-type) | string | The vault redundancy level to use. 
| + +### Parameter: `azureMonitorAlertSettingsAlertsForAllJobFailures` + +Settings for Azure Monitor based alerts for job failures. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `backupPolicies` + +List of all backup policies. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dataStoreType` + +The datastore type to use. ArchiveStore does not support ZoneRedundancy. +- Required: No +- Type: string +- Default: `'VaultStore'` +- Allowed: `[ArchiveStore, OperationalStore, VaultStore]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `featureSettings` + +Feature settings for the backup vault. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Backup Vault. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `securitySettings` + +Security settings for the backup vault. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the Recovery Service Vault resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `type` + +The vault redundancy level to use. +- Required: No +- Type: string +- Default: `'GeoRedundant'` +- Allowed: `[GeoRedundant, LocallyRedundant, ZoneRedundant]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The Name of the backup vault. | +| `resourceGroupName` | string | The name of the resource group the recovery services vault was created in. | +| `resourceId` | string | The resource ID of the backup vault. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `backupPolicies` diff --git a/modules/data-protection/backup-vault/backup-policy/README.md b/modules/data-protection/backup-vault/backup-policy/README.md index dea9657139..169a76f3d5 100644 --- a/modules/data-protection/backup-vault/backup-policy/README.md +++ b/modules/data-protection/backup-vault/backup-policy/README.md 
@@ -20,22 +20,49 @@ This module deploys a Data Protection Backup Vault Backup Policy. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `backupVaultName` | string | The name of the backup vault. | +| [`backupVaultName`](#parameter-backupvaultname) | string | The name of the backup vault. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `'DefaultPolicy'` | The name of the backup policy. | -| `properties` | object | `{object}` | The properties of the backup policy. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the backup policy. | +| [`properties`](#parameter-properties) | object | The properties of the backup policy. | + +### Parameter: `backupVaultName` + +The name of the backup vault. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the backup policy. +- Required: No +- Type: string +- Default: `'DefaultPolicy'` + +### Parameter: `properties` + +The properties of the backup policy. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the backup policy. | | `resourceGroupName` | string | The name of the resource group the backup policy was created in. | 
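Review bot: The new `properties` parameter section documents its default as `{object}`, a placeholder that says nothing about what a backup policy gets when the caller omits the parameter. With the Default Value column removed from the Optional parameters table in this same hunk, that line is now the only place the default appears. Consider rendering the real default value, or dropping the Default line for object parameters, rather than carrying the placeholder over.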
diff --git a/modules/data-protection/backup-vault/backup-policy/main.json b/modules/data-protection/backup-vault/backup-policy/main.json index 259cf9ab04..9717619f41 100644 --- a/modules/data-protection/backup-vault/backup-policy/main.json +++ b/modules/data-protection/backup-vault/backup-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13351591046039775322" + "version": "0.22.6.54827", + "templateHash": "4068293382331739919" }, "name": "Data Protection Backup Vault Backup Policies", "description": "This module deploys a Data Protection Backup Vault Backup Policy.", diff --git a/modules/data-protection/backup-vault/main.json b/modules/data-protection/backup-vault/main.json index 6f38347abd..0251fbd6b9 100644 --- a/modules/data-protection/backup-vault/main.json +++ b/modules/data-protection/backup-vault/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9192043285599381556" + "version": "0.22.6.54827", + "templateHash": "758221244478675783" }, "name": "Data Protection Backup Vaults", "description": "This module deploys a Data Protection Backup Vault.", @@ -212,8 +212,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7012714576885585177" + "version": "0.22.6.54827", + "templateHash": "4068293382331739919" }, "name": "Data Protection Backup Vault Backup Policies", "description": "This module deploys a Data Protection Backup Vault Backup Policy.", @@ -333,8 +333,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5799522460784182968" + "version": "0.22.6.54827", + "templateHash": "14959625805292931026" } }, "parameters": { diff --git a/modules/databricks/access-connector/.test/common/main.test.bicep b/modules/databricks/access-connector/.test/common/main.test.bicep index e6854b68ae..81dfb69963 100644 
--- a/modules/databricks/access-connector/.test/common/main.test.bicep +++ b/modules/databricks/access-connector/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/databricks/access-connector/.test/min/main.test.bicep b/modules/databricks/access-connector/.test/min/main.test.bicep index 3a950aaa5f..1c8b923b29 100644 --- a/modules/databricks/access-connector/.test/min/main.test.bicep +++ b/modules/databricks/access-connector/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/databricks/access-connector/README.md b/modules/databricks/access-connector/README.md index d530fdb979..75b28ed04e 100644 --- a/modules/databricks/access-connector/README.md +++ b/modules/databricks/access-connector/README.md @@ -5,10 +5,10 @@ This module deploys an Azure Databricks Access Connector. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
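Review bot: The added navigation entry `[Usage examples](#Usage-examples)` keeps the mixed-case fragment style of the neighbouring entries, while the links this patch introduces further down the same README use lowercase slugs (`#example-1-using-large-parameter-set`, `#parameter-name`). Suggest generating the navigation fragments in lowercase as well (`#usage-examples`, `#resource-types`), so the file follows one convention and the links also resolve in renderers that match fragments case-sensitively.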
@@ -18,55 +18,28 @@ This module deploys an Azure Databricks Access Connector. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Databricks/accessConnectors` | [2022-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Databricks/2022-10-01-preview/accessConnectors) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Azure Databricks access connector to create. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. 
| +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed access connector. | -| `resourceGroupName` | string | The resource group of the deployed access connector. | -| `resourceId` | string | The resource ID of the deployed access connector. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/databricks.access-connector:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module accessConnector './databricks/access-connector/main.bicep' = { +module accessConnector 'br:bicep/modules/databricks.access-connector:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-daccom' params: { // Required parameters @@ -156,14 +129,17 @@ module accessConnector './databricks/access-connector/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module accessConnector './databricks/access-connector/main.bicep' = { +module accessConnector 'br:bicep/modules/databricks.access-connector:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dacmin' params: { // Required parameters @@ -200,3 +176,94 @@ module accessConnector './databricks/access-connector/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Azure Databricks access connector to create. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Azure Databricks access connector to create. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed access connector. | +| `resourceGroupName` | string | The resource group of the deployed access connector. | +| `resourceId` | string | The resource ID of the deployed access connector. | + +## Cross-referenced modules + +_None_ diff --git a/modules/databricks/access-connector/main.json b/modules/databricks/access-connector/main.json index 0dff655dda..e7e834fff8 100644 --- a/modules/databricks/access-connector/main.json +++ b/modules/databricks/access-connector/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18141386081798006601" + "version": "0.22.6.54827", + "templateHash": "8282781227910546878" }, "name": "Azure Databricks Access Connectors", "description": "This module deploys an Azure Databricks Access Connector.", @@ -149,8 +149,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8744521398620405286" + "version": "0.22.6.54827", + "templateHash": "9290418788736930611" } }, "parameters": { diff --git a/modules/databricks/workspace/.test/common/main.test.bicep b/modules/databricks/workspace/.test/common/main.test.bicep index 9dbc424bf9..cd9bef2b09 100644 --- a/modules/databricks/workspace/.test/common/main.test.bicep +++ b/modules/databricks/workspace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/databricks/workspace/.test/min/main.test.bicep b/modules/databricks/workspace/.test/min/main.test.bicep index 85cd2ef8dc..00e0a9cd89 100644 --- a/modules/databricks/workspace/.test/min/main.test.bicep +++ b/modules/databricks/workspace/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/databricks/workspace/README.md b/modules/databricks/workspace/README.md index 064f045a46..79dd99e50c 100644 --- a/modules/databricks/workspace/README.md +++ b/modules/databricks/workspace/README.md 
@@ -4,14 +4,14 @@ This module deploys an Azure Databricks Workspace. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
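Review bot: Replacing `[Deployment examples](#Deployment-examples)` with `[Usage examples](#Usage-examples)` in the navigation list goes with a renamed section heading, so any existing link that targets the old `Deployment-examples` fragment of this README (wiki pages, other module READMEs) will stop resolving. A repository-wide search for the old fragment before merging would catch these. The `## Resource types` to `## Resource Types` change in the same hunk is case-only and yields the same lowercase slug on GitHub, so it does not need the same check.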
@@ -22,94 +22,28 @@ This module deploys an Azure Databricks Workspace. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Azure Databricks workspace to create. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKManagedDisksKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `cMKManagedServicesKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `amlWorkspaceResourceId` | string | `''` | | The resource ID of a Azure Machine Learning workspace to link with Databricks workspace. | -| `cMKManagedDisksKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKManagedDisksKeyRotationToLatestKeyVersionEnabled` | bool | `True` | | Enable Auto Rotation of Key. | -| `cMKManagedDisksKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `cMKManagedServicesKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKManagedServicesKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. 
If not provided, the latest key version is used. | -| `customPrivateSubnetName` | string | `''` | | The name of the Private Subnet within the Virtual Network. | -| `customPublicSubnetName` | string | `''` | | The name of a Public Subnet within the Virtual Network. | -| `customVirtualNetworkResourceId` | string | `''` | | The resource ID of a Virtual Network where this Databricks Cluster should be created. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', accounts, allLogs, clusters, dbfs, instancePools, jobs, notebook, secrets, sqlPermissions, ssh, workspace]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disablePublicIp` | bool | `False` | | Disable Public IP. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `loadBalancerBackendPoolName` | string | `''` | | Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). | -| `loadBalancerResourceId` | string | `''` | | Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. 
| -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managedResourceGroupResourceId` | string | `''` | | The managed resource group ID. It is created by the module as per the to-be resource ID you provide. | -| `natGatewayName` | string | `''` | | Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. | -| `prepareEncryption` | bool | `False` | | Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicIpName` | string | `''` | | Name of the Public IP for No Public IP workspace with managed vNet. | -| `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | The network access type for accessing workspace. Set value to disabled to access workspace only via private link. | -| `requiredNsgRules` | string | `'AllRules'` | `[AllRules, NoAzureDatabricksRules]` | Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint. | -| `requireInfrastructureEncryption` | bool | `False` | | A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| -| `skuName` | string | `'premium'` | `[premium, standard, trial]` | The pricing tier of workspace. | -| `storageAccountName` | string | `''` | | Default DBFS storage account name. | -| `storageAccountSkuName` | string | `'Standard_GRS'` | | Storage account SKU name. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `vnetAddressPrefix` | string | `'10.139'` | | Address prefix for Managed virtual network. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed databricks workspace. | -| `resourceGroupName` | string | The resource group of the deployed databricks workspace. | -| `resourceId` | string | The resource ID of the deployed databricks workspace. | - -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/databricks.workspace:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. 
- >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module workspace './databricks/workspace/main.bicep' = { +module workspace 'br:bicep/modules/databricks.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dwcom' params: { // Required parameters @@ -341,14 +275,17 @@ module workspace './databricks/workspace/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module workspace './databricks/workspace/main.bicep' = { +module workspace 'br:bicep/modules/databricks.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dwmin' params: { // Required parameters @@ -387,6 +324,349 @@ module workspace './databricks/workspace/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Azure Databricks workspace to create. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKManagedDisksKeyVaultResourceId`](#parameter-cmkmanageddiskskeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`cMKManagedServicesKeyVaultResourceId`](#parameter-cmkmanagedserviceskeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`amlWorkspaceResourceId`](#parameter-amlworkspaceresourceid) | string | The resource ID of a Azure Machine Learning workspace to link with Databricks workspace. | +| [`cMKManagedDisksKeyName`](#parameter-cmkmanageddiskskeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKManagedDisksKeyRotationToLatestKeyVersionEnabled`](#parameter-cmkmanageddiskskeyrotationtolatestkeyversionenabled) | bool | Enable Auto Rotation of Key. | +| [`cMKManagedDisksKeyVersion`](#parameter-cmkmanageddiskskeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`cMKManagedServicesKeyName`](#parameter-cmkmanagedserviceskeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKManagedServicesKeyVersion`](#parameter-cmkmanagedserviceskeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`customPrivateSubnetName`](#parameter-customprivatesubnetname) | string | The name of the Private Subnet within the Virtual Network. 
| +| [`customPublicSubnetName`](#parameter-custompublicsubnetname) | string | The name of a Public Subnet within the Virtual Network. | +| [`customVirtualNetworkResourceId`](#parameter-customvirtualnetworkresourceid) | string | The resource ID of a Virtual Network where this Databricks Cluster should be created. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disablePublicIp`](#parameter-disablepublicip) | bool | Disable Public IP. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`loadBalancerBackendPoolName`](#parameter-loadbalancerbackendpoolname) | string | Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). 
| +| [`loadBalancerResourceId`](#parameter-loadbalancerresourceid) | string | Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managedResourceGroupResourceId`](#parameter-managedresourcegroupresourceid) | string | The managed resource group ID. It is created by the module as per the to-be resource ID you provide. | +| [`natGatewayName`](#parameter-natgatewayname) | string | Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. | +| [`prepareEncryption`](#parameter-prepareencryption) | bool | Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicIpName`](#parameter-publicipname) | string | Name of the Public IP for No Public IP workspace with managed vNet. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | The network access type for accessing workspace. Set value to disabled to access workspace only via private link. | +| [`requiredNsgRules`](#parameter-requirednsgrules) | string | Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint. | +| [`requireInfrastructureEncryption`](#parameter-requireinfrastructureencryption) | bool | A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | The pricing tier of workspace. | +| [`storageAccountName`](#parameter-storageaccountname) | string | Default DBFS storage account name. | +| [`storageAccountSkuName`](#parameter-storageaccountskuname) | string | Storage account SKU name. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`vnetAddressPrefix`](#parameter-vnetaddressprefix) | string | Address prefix for Managed virtual network. | + +### Parameter: `amlWorkspaceResourceId` + +The resource ID of a Azure Machine Learning workspace to link with Databricks workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKManagedDisksKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKManagedDisksKeyRotationToLatestKeyVersionEnabled` + +Enable Auto Rotation of Key. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `cMKManagedDisksKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKManagedDisksKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKManagedServicesKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKManagedServicesKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKManagedServicesKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `customPrivateSubnetName` + +The name of the Private Subnet within the Virtual Network. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `customPublicSubnetName` + +The name of a Public Subnet within the Virtual Network. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `customVirtualNetworkResourceId` + +The resource ID of a Virtual Network where this Databricks Cluster should be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', accounts, allLogs, clusters, dbfs, instancePools, jobs, notebook, secrets, sqlPermissions, ssh, workspace]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disablePublicIp` + +Disable Public IP. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `loadBalancerBackendPoolName` + +Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `loadBalancerResourceId` + +Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managedResourceGroupResourceId` + +The managed resource group ID. It is created by the module as per the to-be resource ID you provide. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the Azure Databricks workspace to create. +- Required: Yes +- Type: string + +### Parameter: `natGatewayName` + +Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `prepareEncryption` + +Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicIpName` + +Name of the Public IP for No Public IP workspace with managed vNet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `publicNetworkAccess` + + The network access type for accessing workspace. Set value to disabled to access workspace only via private link. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `requiredNsgRules` + +Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint. +- Required: No +- Type: string +- Default: `'AllRules'` +- Allowed: `[AllRules, NoAzureDatabricksRules]` + +### Parameter: `requireInfrastructureEncryption` + +A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +The pricing tier of workspace. +- Required: No +- Type: string +- Default: `'premium'` +- Allowed: `[premium, standard, trial]` + +### Parameter: `storageAccountName` + +Default DBFS storage account name. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageAccountSkuName` + +Storage account SKU name. +- Required: No +- Type: string +- Default: `'Standard_GRS'` + +### Parameter: `tags` + +Tags of the resource. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vnetAddressPrefix` + +Address prefix for Managed virtual network. +- Required: No +- Type: string +- Default: `'10.139'` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed databricks workspace. | +| `resourceGroupName` | string | The resource group of the deployed databricks workspace. | +| `resourceId` | string | The resource ID of the deployed databricks workspace. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + ## Notes ### Parameter Usage: `customPublicSubnetName` and `customPrivateSubnetName` diff --git a/modules/databricks/workspace/main.json b/modules/databricks/workspace/main.json index f9dd854434..c729c6ec4f 100644 --- a/modules/databricks/workspace/main.json +++ b/modules/databricks/workspace/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4229571861676210045" + "version": "0.22.6.54827", + "templateHash": "11204795410714061974" }, "name": "Azure Databricks Workspaces", "description": "This module deploys an Azure Databricks Workspace.", @@ -423,8 +423,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6437441931020419683" + "version": "0.22.6.54827", + "templateHash": "3551736854871241675" } }, "parameters": { 
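Review bot: In the Databricks workspace README hunk above, the sections for `cMKManagedDisksKeyVaultResourceId` and `cMKManagedServicesKeyVaultResourceId` both say "Required if 'cMKKeyName' is not empty", but none of the parameter sections in that hunk is named `cMKKeyName`; the key-name parameters shown are `cMKManagedDisksKeyName` and `cMKManagedServicesKeyName`. Because the README is generated from the template, please correct the two parameter descriptions at the source so that each names its own key parameter, then regenerate. A reader configuring customer managed keys from this page otherwise cannot tell which setting makes the key vault ID mandatory.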
@@ -583,8 +583,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -783,8 +783,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -921,8 +921,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/db-for-my-sql/flexible-server/.test/min/main.test.bicep b/modules/db-for-my-sql/flexible-server/.test/min/main.test.bicep index 49cc626f3d..61b5a01a27 100644 --- a/modules/db-for-my-sql/flexible-server/.test/min/main.test.bicep +++ b/modules/db-for-my-sql/flexible-server/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/db-for-my-sql/flexible-server/README.md b/modules/db-for-my-sql/flexible-server/README.md index 613aacfd8d..5b936154cd 100644 --- a/modules/db-for-my-sql/flexible-server/README.md +++ b/modules/db-for-my-sql/flexible-server/README.md 
@@ -5,10 +5,10 @@ This module deploys a DBforMySQL Flexible Server. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
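Review bot: The new navigation entry `[Usage examples](#Usage-examples)` uses a capitalised fragment, while the links generated elsewhere in this change are lowercase (`#example-1-using-only-defaults`, `#parameter-name`). Please have the generator emit the navigation fragments in lowercase as well, so they also resolve in renderers that match heading anchors case-sensitively. Note too that dropping `#Deployment-examples` breaks any existing deep link to that section, which is worth a line in the change description.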
@@ -22,97 +22,29 @@ This module deploys a DBforMySQL Flexible Server. | `Microsoft.DBforMySQL/flexibleServers/firewallRules` | [2022-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2022-01-01/flexibleServers/firewallRules) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | The name of the MySQL flexible server. | -| `skuName` | string | | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. | -| `tier` | string | `[Burstable, GeneralPurpose, MemoryOptimized]` | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". | +## Usage examples -**Conditional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. | -| `geoBackupCMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". | -| `geoBackupCMKUserAssignedIdentityResourceId` | string | `''` | | Geo backup user identity resource ID as identity cant cross region, need identity in same region as geo backup. The identity should have key usage permissions on the Key Vault Key. 
Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". | -| `privateDnsZoneResourceId` | string | `''` | | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access". Required if "delegatedSubnetResourceId" is used and the Private DNS Zone name must end with mysql.database.azure.com in order to be linked to the MySQL Flexible Server. | -| `restorePointInTime` | string | `''` | | Restore point creation time (ISO8601 format), specifying the time to restore from. Required if "createMode" is set to "PointInTimeRestore". | -| `sourceServerResourceId` | string | `''` | | The source MySQL server ID. Required if "createMode" is set to "PointInTimeRestore". | -| `storageAutoGrow` | string | `'Disabled'` | `[Disabled, Enabled]` | Enable Storage Auto Grow or not. Storage auto-growth prevents a server from running out of storage and becoming read-only. Required if "highAvailability" is not "Disabled". | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. Required if "cMKKeyName" is not empty. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `administratorLogin` | string | `''` | | The administrator login name of a server. Can only be specified when the MySQL server is being created. | -| `administratorLoginPassword` | securestring | `''` | | The administrator login password. | -| `administrators` | array | `[]` | | The Azure AD administrators when AAD authentication enabled. | -| `availabilityZone` | string | `''` | `['', 1, 2, 3]` | Availability zone information of the server. Default will have no preference set. | -| `backupRetentionDays` | int | `7` | | Backup retention days for the server. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. 
| -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `createMode` | string | `'Default'` | `[Default, GeoRestore, PointInTimeRestore, Replica]` | The mode to create a new MySQL server. | -| `databases` | array | `[]` | | The databases to create in the server. | -| `delegatedSubnetResourceId` | string | `''` | | Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. Delegation must be enabled on the subnet for MySQL Flexible Servers and subnet CIDR size is /29. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, MySqlAuditLogs, MySqlSlowLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `firewallRules` | array | `[]` | | The firewall rules to create in the MySQL flexible server. 
| -| `geoBackupCMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption when geoRedundantBackup is "Enabled". | -| `geoBackupCMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption when geoRedundantBackup is "Enabled". If not provided, the latest key version is used. | -| `geoRedundantBackup` | string | `'Disabled'` | `[Disabled, Enabled]` | A value indicating whether Geo-Redundant backup is enabled on the server. If "Enabled" and "cMKKeyName" is not empty, then "geoBackupCMKKeyVaultResourceId" and "cMKUserAssignedIdentityResourceId" are also required. | -| `highAvailability` | string | `'Disabled'` | `[Disabled, SameZone, ZoneRedundant]` | The mode for High Availability (HA). It is not supported for the Burstable pricing tier and Zone redundant HA can only be set during server provisioning. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maintenanceWindow` | object | `{object}` | | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". | -| `replicationRole` | string | `'None'` | `[None, Replica, Source]` | The replication role. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the "roleDefinitionIdOrName" and "principalId" to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11". | -| `storageAutoIoScaling` | string | `'Disabled'` | `[Disabled, Enabled]` | Enable IO Auto Scaling or not. The server scales IOPs up or down automatically depending on your workload needs. 
| -| `storageIOPS` | int | `1000` | | Storage IOPS for a server. Max IOPS are determined by compute size. | -| `storageSizeGB` | int | `64` | `[20, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]` | Max storage allowed for a server. In all compute tiers, the minimum storage supported is 20 GiB and maximum is 16 TiB. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `version` | string | `'5.7'` | `[5.7, 8.0.21]` | MySQL Server version. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed MySQL Flexible server. | -| `resourceGroupName` | string | The resource group of the deployed MySQL Flexible server. | -| `resourceId` | string | The resource ID of the deployed MySQL Flexible server. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/db-for-my-sql.flexible-server:1.0.0`. -## Deployment examples +- [Using only defaults](#example-1-using-only-defaults) +- [Private](#example-2-private) +- [Public](#example-3-public) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using only defaults_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with the minimum set of required parameters. -

Example 1: Min

via Bicep module ```bicep -module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = { +module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dfmsfsmin' params: { // Required parameters @@ -166,14 +98,14 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {

-

Example 2: Private

+### Example 2: _Private_
via Bicep module ```bicep -module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = { +module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dfmsfspvt' params: { // Required parameters @@ -351,14 +283,14 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {

-

Example 3: Public

+### Example 3: _Public_
via Bicep module ```bicep -module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = { +module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dfmsfsp' params: { // Required parameters @@ -595,3 +527,405 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the MySQL flexible server. | +| [`skuName`](#parameter-skuname) | string | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. | +| [`tier`](#parameter-tier) | string | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. | +| [`geoBackupCMKKeyVaultResourceId`](#parameter-geobackupcmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". | +| [`geoBackupCMKUserAssignedIdentityResourceId`](#parameter-geobackupcmkuserassignedidentityresourceid) | string | Geo backup user identity resource ID as identity cant cross region, need identity in same region as geo backup. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". | +| [`privateDnsZoneResourceId`](#parameter-privatednszoneresourceid) | string | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access". 
Required if "delegatedSubnetResourceId" is used and the Private DNS Zone name must end with mysql.database.azure.com in order to be linked to the MySQL Flexible Server. | +| [`restorePointInTime`](#parameter-restorepointintime) | string | Restore point creation time (ISO8601 format), specifying the time to restore from. Required if "createMode" is set to "PointInTimeRestore". | +| [`sourceServerResourceId`](#parameter-sourceserverresourceid) | string | The source MySQL server ID. Required if "createMode" is set to "PointInTimeRestore". | +| [`storageAutoGrow`](#parameter-storageautogrow) | string | Enable Storage Auto Grow or not. Storage auto-growth prevents a server from running out of storage and becoming read-only. Required if "highAvailability" is not "Disabled". | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if "cMKKeyName" is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`administratorLogin`](#parameter-administratorlogin) | string | The administrator login name of a server. Can only be specified when the MySQL server is being created. | +| [`administratorLoginPassword`](#parameter-administratorloginpassword) | securestring | The administrator login password. | +| [`administrators`](#parameter-administrators) | array | The Azure AD administrators when AAD authentication enabled. | +| [`availabilityZone`](#parameter-availabilityzone) | string | Availability zone information of the server. Default will have no preference set. | +| [`backupRetentionDays`](#parameter-backupretentiondays) | int | Backup retention days for the server. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
| +| [`createMode`](#parameter-createmode) | string | The mode to create a new MySQL server. | +| [`databases`](#parameter-databases) | array | The databases to create in the server. | +| [`delegatedSubnetResourceId`](#parameter-delegatedsubnetresourceid) | string | Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. Delegation must be enabled on the subnet for MySQL Flexible Servers and subnet CIDR size is /29. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`firewallRules`](#parameter-firewallrules) | array | The firewall rules to create in the MySQL flexible server. | +| [`geoBackupCMKKeyName`](#parameter-geobackupcmkkeyname) | string | The name of the customer managed key to use for encryption when geoRedundantBackup is "Enabled". | +| [`geoBackupCMKKeyVersion`](#parameter-geobackupcmkkeyversion) | string | The version of the customer managed key to reference for encryption when geoRedundantBackup is "Enabled". If not provided, the latest key version is used. | +| [`geoRedundantBackup`](#parameter-georedundantbackup) | string | A value indicating whether Geo-Redundant backup is enabled on the server. If "Enabled" and "cMKKeyName" is not empty, then "geoBackupCMKKeyVaultResourceId" and "cMKUserAssignedIdentityResourceId" are also required. | +| [`highAvailability`](#parameter-highavailability) | string | The mode for High Availability (HA). It is not supported for the Burstable pricing tier and Zone redundant HA can only be set during server provisioning. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maintenanceWindow`](#parameter-maintenancewindow) | object | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". | +| [`replicationRole`](#parameter-replicationrole) | string | The replication role. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the "roleDefinitionIdOrName" and "principalId" to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11". | +| [`storageAutoIoScaling`](#parameter-storageautoioscaling) | string | Enable IO Auto Scaling or not. 
The server scales IOPs up or down automatically depending on your workload needs. | +| [`storageIOPS`](#parameter-storageiops) | int | Storage IOPS for a server. Max IOPS are determined by compute size. | +| [`storageSizeGB`](#parameter-storagesizegb) | int | Max storage allowed for a server. In all compute tiers, the minimum storage supported is 20 GiB and maximum is 16 TiB. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`version`](#parameter-version) | string | MySQL Server version. | + +### Parameter: `administratorLogin` + +The administrator login name of a server. Can only be specified when the MySQL server is being created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `administratorLoginPassword` + +The administrator login password. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `administrators` + +The Azure AD administrators when AAD authentication enabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `availabilityZone` + +Availability zone information of the server. Default will have no preference set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', 1, 2, 3]` + +### Parameter: `backupRetentionDays` + +Backup retention days for the server. +- Required: No +- Type: int +- Default: `7` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `createMode` + +The mode to create a new MySQL server. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, GeoRestore, PointInTimeRestore, Replica]` + +### Parameter: `databases` + +The databases to create in the server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `delegatedSubnetResourceId` + +Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. Delegation must be enabled on the subnet for MySQL Flexible Servers and subnet CIDR size is /29. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, MySqlAuditLogs, MySqlSlowLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. 
+- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `firewallRules` + +The firewall rules to create in the MySQL flexible server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `geoBackupCMKKeyName` + +The name of the customer managed key to use for encryption when geoRedundantBackup is "Enabled". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `geoBackupCMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `geoBackupCMKKeyVersion` + +The version of the customer managed key to reference for encryption when geoRedundantBackup is "Enabled". If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `geoBackupCMKUserAssignedIdentityResourceId` + +Geo backup user identity resource ID as identity cant cross region, need identity in same region as geo backup. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `geoRedundantBackup` + +A value indicating whether Geo-Redundant backup is enabled on the server. If "Enabled" and "cMKKeyName" is not empty, then "geoBackupCMKKeyVaultResourceId" and "cMKUserAssignedIdentityResourceId" are also required. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `highAvailability` + +The mode for High Availability (HA). It is not supported for the Burstable pricing tier and Zone redundant HA can only be set during server provisioning. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, SameZone, ZoneRedundant]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maintenanceWindow` + +Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the MySQL flexible server. +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneResourceId` + +Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access". Required if "delegatedSubnetResourceId" is used and the Private DNS Zone name must end with mysql.database.azure.com in order to be linked to the MySQL Flexible Server. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `replicationRole` + +The replication role. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[None, Replica, Source]` + +### Parameter: `restorePointInTime` + +Restore point creation time (ISO8601 format), specifying the time to restore from. Required if "createMode" is set to "PointInTimeRestore". 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the "roleDefinitionIdOrName" and "principalId" to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11". +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. +- Required: Yes +- Type: string + +### Parameter: `sourceServerResourceId` + +The source MySQL server ID. Required if "createMode" is set to "PointInTimeRestore". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageAutoGrow` + +Enable Storage Auto Grow or not. Storage auto-growth prevents a server from running out of storage and becoming read-only. Required if "highAvailability" is not "Disabled". +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `storageAutoIoScaling` + +Enable IO Auto Scaling or not. The server scales IOPs up or down automatically depending on your workload needs. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `storageIOPS` + +Storage IOPS for a server. Max IOPS are determined by compute size. +- Required: No +- Type: int +- Default: `1000` + +### Parameter: `storageSizeGB` + +Max storage allowed for a server. In all compute tiers, the minimum storage supported is 20 GiB and maximum is 16 TiB. +- Required: No +- Type: int +- Default: `64` +- Allowed: `[20, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tier` + +The tier of the particular SKU. 
Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". +- Required: Yes +- Type: string +- Allowed: `[Burstable, GeneralPurpose, MemoryOptimized]` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. Required if "cMKKeyName" is not empty. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `version` + +MySQL Server version. +- Required: No +- Type: string +- Default: `'5.7'` +- Allowed: `[5.7, 8.0.21]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed MySQL Flexible server. | +| `resourceGroupName` | string | The resource group of the deployed MySQL Flexible server. | +| `resourceId` | string | The resource ID of the deployed MySQL Flexible server. | + +## Cross-referenced modules + +_None_ diff --git a/modules/db-for-my-sql/flexible-server/administrator/README.md b/modules/db-for-my-sql/flexible-server/administrator/README.md index fe8dbf343e..247e680d29 100644 --- a/modules/db-for-my-sql/flexible-server/administrator/README.md +++ b/modules/db-for-my-sql/flexible-server/administrator/README.md 
@@ -19,30 +19,75 @@ This module deploys a DBforMySQL Flexible Server Administrator. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `identityResourceId` | string | The resource ID of the identity used for AAD Authentication. | -| `login` | string | Login name of the server administrator. | -| `sid` | string | SID (object ID) of the server administrator. | +| [`identityResourceId`](#parameter-identityresourceid) | string | The resource ID of the identity used for AAD Authentication. | +| [`login`](#parameter-login) | string | Login name of the server administrator. | +| [`sid`](#parameter-sid) | string | SID (object ID) of the server administrator. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `tenantId` | string | `[tenant().tenantId]` | The tenantId of the Active Directory administrator. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`tenantId`](#parameter-tenantid) | string | The tenantId of the Active Directory administrator. 
| + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `flexibleServerName` + +The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `identityResourceId` + +The resource ID of the identity used for AAD Authentication. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `login` + +Login name of the server administrator. +- Required: Yes +- Type: string + +### Parameter: `sid` + +SID (object ID) of the server administrator. +- Required: Yes +- Type: string + +### Parameter: `tenantId` + +The tenantId of the Active Directory administrator. +- Required: No +- Type: string +- Default: `[tenant().tenantId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed administrator. | | `resourceGroupName` | string | The resource group of the deployed administrator. | diff --git a/modules/db-for-my-sql/flexible-server/administrator/main.json b/modules/db-for-my-sql/flexible-server/administrator/main.json index 926f61fac5..41ee008d22 100644 --- a/modules/db-for-my-sql/flexible-server/administrator/main.json +++ b/modules/db-for-my-sql/flexible-server/administrator/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6026324512499502510" + "version": "0.22.6.54827", + "templateHash": "16367563858411209197" }, "name": "DBforMySQL Flexible Server Administrators", "description": "This module deploys a DBforMySQL Flexible Server Administrator.", 
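Review bot: In the MySQL flexible-server README hunk above, the `geoRedundantBackup` section says that `geoBackupCMKKeyVaultResourceId` and `cMKUserAssignedIdentityResourceId` become required when the value is "Enabled" and "cMKKeyName" is set, but the `geoBackupCMKUserAssignedIdentityResourceId` section states that it is the parameter required under that same condition. One of the two descriptions names the wrong identity parameter. Please confirm which one is meant and fix the description in the template the README is generated from, so a customer-managed-key setup is not documented with the wrong identity. The same hunk also carries "maintenence" in the `maintenanceWindow` description and "cant cross region" in the `geoBackupCMKUserAssignedIdentityResourceId` description, which are worth fixing at the source in the same pass.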
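Review bot: In the administrator README hunk above, the new `### Parameter: flexibleServerName` section reports "Required: Yes", while the same hunk lists `flexibleServerName` under **Conditional parameters** with the description "Required if the template is used in a standalone deployment". A reader who follows the table link to the detail section sees an unconditional requirement, and the table's category is lost. Suggest having the generator carry the category into the detail section (for example a "Required: Conditional" value, or repeating the condition there), or documenting that "Yes" is the intended rendering for conditional parameters. The database and firewall-rule README hunks further down show the same pattern for `flexibleServerName`.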
diff --git a/modules/db-for-my-sql/flexible-server/database/README.md b/modules/db-for-my-sql/flexible-server/database/README.md index f6394d9998..f2cced0ae4 100644 --- a/modules/db-for-my-sql/flexible-server/database/README.md +++ b/modules/db-for-my-sql/flexible-server/database/README.md 
@@ -19,29 +19,69 @@ This module deploys a DBforMySQL Flexible Server Database. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the database. | +| [`name`](#parameter-name) | string | The name of the database. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `charset` | string | `'utf8_general_ci'` | The charset of the database. | -| `collation` | string | `'utf8'` | The collation of the database. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`charset`](#parameter-charset) | string | The charset of the database. | +| [`collation`](#parameter-collation) | string | The collation of the database. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | + +### Parameter: `charset` + +The charset of the database. +- Required: No +- Type: string +- Default: `'utf8_general_ci'` + +### Parameter: `collation` + +The collation of the database. +- Required: No +- Type: string +- Default: `'utf8'` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `flexibleServerName` + +The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the database. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed database. | | `resourceGroupName` | string | The resource group of the deployed database. | diff --git a/modules/db-for-my-sql/flexible-server/database/main.json b/modules/db-for-my-sql/flexible-server/database/main.json index a2fa950dd3..4a68e48562 100644 --- a/modules/db-for-my-sql/flexible-server/database/main.json +++ b/modules/db-for-my-sql/flexible-server/database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12647720847614647024" + "version": "0.22.6.54827", + "templateHash": "16649222900362138505" }, "name": "DBforMySQL Flexible Server Databases", "description": "This module deploys a DBforMySQL Flexible Server Database.", diff --git a/modules/db-for-my-sql/flexible-server/firewall-rule/README.md b/modules/db-for-my-sql/flexible-server/firewall-rule/README.md index 6c3b17dcdf..ee7be0779a 100644 --- a/modules/db-for-my-sql/flexible-server/firewall-rule/README.md +++ b/modules/db-for-my-sql/flexible-server/firewall-rule/README.md 
@@ -19,28 +19,59 @@ This module deploys a DBforMySQL Flexible Server Firewall Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `endIpAddress` | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. | -| `name` | string | The name of the MySQL flexible server Firewall Rule. | -| `startIpAddress` | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. | +| [`endIpAddress`](#parameter-endipaddress) | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. | +| [`name`](#parameter-name) | string | The name of the MySQL flexible server Firewall Rule. | +| [`startIpAddress`](#parameter-startipaddress) | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endIpAddress` + +The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. +- Required: Yes +- Type: string + +### Parameter: `flexibleServerName` + +The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the MySQL flexible server Firewall Rule. +- Required: Yes +- Type: string + +### Parameter: `startIpAddress` + +The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed firewall rule. | | `resourceGroupName` | string | The resource group of the deployed firewall rule. | diff --git a/modules/db-for-my-sql/flexible-server/firewall-rule/main.json b/modules/db-for-my-sql/flexible-server/firewall-rule/main.json index c6c49e9e71..4b909f3882 100644 --- a/modules/db-for-my-sql/flexible-server/firewall-rule/main.json +++ b/modules/db-for-my-sql/flexible-server/firewall-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5263296307327888660" + "version": "0.22.6.54827", + "templateHash": "12840531816938690352" }, "name": "DBforMySQL Flexible Server Firewall Rules", "description": "This module deploys a DBforMySQL Flexible Server Firewall Rule.", diff --git a/modules/db-for-my-sql/flexible-server/main.json b/modules/db-for-my-sql/flexible-server/main.json index c3f53162a6..da56c4087f 100644 --- a/modules/db-for-my-sql/flexible-server/main.json 
+++ b/modules/db-for-my-sql/flexible-server/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11042164284975783101" + "version": "0.22.6.54827", + "templateHash": "1515305312622683890" }, "name": "DBforMySQL Flexible Servers", "description": "This module deploys a DBforMySQL Flexible Server.", @@ -548,8 +548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17154165990398141081" + "version": "0.22.6.54827", + "templateHash": "17516117596765839904" } }, "parameters": { @@ -695,8 +695,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17356615394418311167" + "version": "0.22.6.54827", + "templateHash": "16649222900362138505" }, "name": "DBforMySQL Flexible Server Databases", "description": "This module deploys a DBforMySQL Flexible Server Database.", @@ -834,8 +834,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10162316213188664200" + "version": "0.22.6.54827", + "templateHash": "12840531816938690352" }, "name": "DBforMySQL Flexible Server Firewall Rules", "description": "This module deploys a DBforMySQL Flexible Server Firewall Rule.", @@ -962,8 +962,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6026324512499502510" + "version": "0.22.6.54827", + "templateHash": "16367563858411209197" }, "name": "DBforMySQL Flexible Server Administrators", "description": "This module deploys a DBforMySQL Flexible Server Administrator.", diff --git a/modules/db-for-postgre-sql/flexible-server/.test/min/main.test.bicep b/modules/db-for-postgre-sql/flexible-server/.test/min/main.test.bicep index 788d7c3423..1386d47e69 100644 --- a/modules/db-for-postgre-sql/flexible-server/.test/min/main.test.bicep +++ b/modules/db-for-postgre-sql/flexible-server/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/db-for-postgre-sql/flexible-server/README.md b/modules/db-for-postgre-sql/flexible-server/README.md index bb12fbcf62..4895dea492 100644 --- a/modules/db-for-postgre-sql/flexible-server/README.md +++ b/modules/db-for-postgre-sql/flexible-server/README.md @@ -5,10 +5,10 @@ This module deploys a DBforPostgreSQL Flexible Server. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -23,93 +23,29 @@ This module deploys a DBforPostgreSQL Flexible Server. | `Microsoft.DBforPostgreSQL/flexibleServers/firewallRules` | [2022-12-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforPostgreSQL/2022-12-01/flexibleServers/firewallRules) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | The name of the PostgreSQL flexible server. | -| `skuName` | string | | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. | -| `tier` | string | `[Burstable, GeneralPurpose, MemoryOptimized]` | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if 'cMKKeyName' is not empty. | -| `pointInTimeUTC` | string | `''` | Required if "createMode" is set to "PointInTimeRestore". | -| `sourceServerResourceId` | string | `''` | Required if "createMode" is set to "PointInTimeRestore". 
| -| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. Required if 'cMKKeyName' is not empty. | - -**Optional parameters** +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `activeDirectoryAuth` | string | `'Enabled'` | `[Disabled, Enabled]` | If Enabled, Azure Active Directory authentication is enabled. | -| `administratorLogin` | string | `''` | | The administrator login name of a server. Can only be specified when the PostgreSQL server is being created. | -| `administratorLoginPassword` | securestring | `''` | | The administrator login password. | -| `administrators` | array | `[]` | | The Azure AD administrators when AAD authentication enabled. | -| `availabilityZone` | string | `''` | `['', 1, 2, 3]` | Availability zone information of the server. Default will have no preference set. | -| `backupRetentionDays` | int | `7` | | Backup retention days for the server. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `configurations` | array | `[]` | | The configurations to create in the server. | -| `createMode` | string | `'Default'` | `[Create, Default, PointInTimeRestore, Update]` | The mode to create a new PostgreSQL server. | -| `databases` | array | `[]` | | The databases to create in the server. | -| `delegatedSubnetResourceId` | string | `''` | | Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. 
| -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, PostgreSQLFlexDatabaseXacts, PostgreSQLFlexQueryStoreRuntime, PostgreSQLFlexQueryStoreWaitStats, PostgreSQLFlexSessions, PostgreSQLFlexTableStats, PostgreSQLLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `firewallRules` | array | `[]` | | The firewall rules to create in the PostgreSQL flexible server. | -| `geoRedundantBackup` | string | `'Disabled'` | `[Disabled, Enabled]` | A value indicating whether Geo-Redundant backup is enabled on the server. Should be left disabled if 'cMKKeyName' is not empty. | -| `highAvailability` | string | `'Disabled'` | `[Disabled, SameZone, ZoneRedundant]` | The mode for high availability. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. 
| -| `maintenanceWindow` | object | `{object}` | | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". | -| `passwordAuth` | string | `'Disabled'` | `[Disabled, Enabled]` | If Enabled, password authentication is enabled. | -| `privateDnsZoneArmResourceId` | string | `''` | | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access" and required when "delegatedSubnetResourceId" is used. The Private DNS Zone must be lined to the Virtual Network referenced in "delegatedSubnetResourceId". | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `storageSizeGB` | int | `32` | `[32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]` | Max storage allowed for a server. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `tenantId` | string | `''` | | Tenant id of the server. | -| `version` | string | `'15'` | `[11, 12, 13, 14, 15]` | PostgreSQL Server version. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0`. +- [Using only defaults](#example-1-using-only-defaults) +- [Private](#example-2-private) +- [Public](#example-3-public) -## Outputs +### Example 1: _Using only defaults_ -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed PostgreSQL Flexible server. | -| `resourceGroupName` | string | The resource group of the deployed PostgreSQL Flexible server. 
| -| `resourceId` | string | The resource ID of the deployed PostgreSQL Flexible server. | +This instance deploys the module with the minimum set of required parameters. -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Min

via Bicep module ```bicep -module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { +module flexibleServer 'br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dfpsfsmin' params: { // Required parameters @@ -163,14 +99,14 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = {

-

Example 2: Private

+### Example 2: _Private_
via Bicep module ```bicep -module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { +module flexibleServer 'br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dfpsfspvt' params: { // Required parameters @@ -312,14 +248,14 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = {

-

Example 3: Public

+### Example 3: _Public_
via Bicep module ```bicep -module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { +module flexibleServer 'br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dfpsfsp' params: { // Required parameters @@ -530,3 +466,372 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the PostgreSQL flexible server. | +| [`skuName`](#parameter-skuname) | string | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. | +| [`tier`](#parameter-tier) | string | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if 'cMKKeyName' is not empty. | +| [`pointInTimeUTC`](#parameter-pointintimeutc) | string | Required if "createMode" is set to "PointInTimeRestore". | +| [`sourceServerResourceId`](#parameter-sourceserverresourceid) | string | Required if "createMode" is set to "PointInTimeRestore". | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if 'cMKKeyName' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`activeDirectoryAuth`](#parameter-activedirectoryauth) | string | If Enabled, Azure Active Directory authentication is enabled. | +| [`administratorLogin`](#parameter-administratorlogin) | string | The administrator login name of a server. Can only be specified when the PostgreSQL server is being created. 
| +| [`administratorLoginPassword`](#parameter-administratorloginpassword) | securestring | The administrator login password. | +| [`administrators`](#parameter-administrators) | array | The Azure AD administrators when AAD authentication enabled. | +| [`availabilityZone`](#parameter-availabilityzone) | string | Availability zone information of the server. Default will have no preference set. | +| [`backupRetentionDays`](#parameter-backupretentiondays) | int | Backup retention days for the server. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`configurations`](#parameter-configurations) | array | The configurations to create in the server. | +| [`createMode`](#parameter-createmode) | string | The mode to create a new PostgreSQL server. | +| [`databases`](#parameter-databases) | array | The databases to create in the server. | +| [`delegatedSubnetResourceId`](#parameter-delegatedsubnetresourceid) | string | Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
| +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`firewallRules`](#parameter-firewallrules) | array | The firewall rules to create in the PostgreSQL flexible server. | +| [`geoRedundantBackup`](#parameter-georedundantbackup) | string | A value indicating whether Geo-Redundant backup is enabled on the server. Should be left disabled if 'cMKKeyName' is not empty. | +| [`highAvailability`](#parameter-highavailability) | string | The mode for high availability. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maintenanceWindow`](#parameter-maintenancewindow) | object | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". | +| [`passwordAuth`](#parameter-passwordauth) | string | If Enabled, password authentication is enabled. | +| [`privateDnsZoneArmResourceId`](#parameter-privatednszonearmresourceid) | string | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access" and required when "delegatedSubnetResourceId" is used. The Private DNS Zone must be lined to the Virtual Network referenced in "delegatedSubnetResourceId". 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`storageSizeGB`](#parameter-storagesizegb) | int | Max storage allowed for a server. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`tenantId`](#parameter-tenantid) | string | Tenant id of the server. | +| [`version`](#parameter-version) | string | PostgreSQL Server version. | + +### Parameter: `activeDirectoryAuth` + +If Enabled, Azure Active Directory authentication is enabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `administratorLogin` + +The administrator login name of a server. Can only be specified when the PostgreSQL server is being created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `administratorLoginPassword` + +The administrator login password. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `administrators` + +The Azure AD administrators when AAD authentication enabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `availabilityZone` + +Availability zone information of the server. Default will have no preference set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', 1, 2, 3]` + +### Parameter: `backupRetentionDays` + +Backup retention days for the server. +- Required: No +- Type: int +- Default: `7` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `configurations` + +The configurations to create in the server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `createMode` + +The mode to create a new PostgreSQL server. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Create, Default, PointInTimeRestore, Update]` + +### Parameter: `databases` + +The databases to create in the server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `delegatedSubnetResourceId` + +Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, PostgreSQLFlexDatabaseXacts, PostgreSQLFlexQueryStoreRuntime, PostgreSQLFlexQueryStoreWaitStats, PostgreSQLFlexSessions, PostgreSQLFlexTableStats, PostgreSQLLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `firewallRules` + +The firewall rules to create in the PostgreSQL flexible server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `geoRedundantBackup` + +A value indicating whether Geo-Redundant backup is enabled on the server. Should be left disabled if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `highAvailability` + +The mode for high availability. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, SameZone, ZoneRedundant]` + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maintenanceWindow` + +Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the PostgreSQL flexible server. +- Required: Yes +- Type: string + +### Parameter: `passwordAuth` + +If Enabled, password authentication is enabled. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `pointInTimeUTC` + +Required if "createMode" is set to "PointInTimeRestore". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `privateDnsZoneArmResourceId` + +Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access" and required when "delegatedSubnetResourceId" is used. The Private DNS Zone must be lined to the Virtual Network referenced in "delegatedSubnetResourceId". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. +- Required: Yes +- Type: string + +### Parameter: `sourceServerResourceId` + +Required if "createMode" is set to "PointInTimeRestore". 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageSizeGB` + +Max storage allowed for a server. +- Required: No +- Type: int +- Default: `32` +- Allowed: `[32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tenantId` + +Tenant id of the server. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tier` + +The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". +- Required: Yes +- Type: string +- Allowed: `[Burstable, GeneralPurpose, MemoryOptimized]` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `version` + +PostgreSQL Server version. +- Required: No +- Type: string +- Default: `'15'` +- Allowed: `[11, 12, 13, 14, 15]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed PostgreSQL Flexible server. | +| `resourceGroupName` | string | The resource group of the deployed PostgreSQL Flexible server. | +| `resourceId` | string | The resource ID of the deployed PostgreSQL Flexible server. | + +## Cross-referenced modules + +_None_ diff --git a/modules/db-for-postgre-sql/flexible-server/administrator/README.md b/modules/db-for-postgre-sql/flexible-server/administrator/README.md index 34cfa2b0b7..64e08316bd 100644 --- a/modules/db-for-postgre-sql/flexible-server/administrator/README.md +++ b/modules/db-for-postgre-sql/flexible-server/administrator/README.md 
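Review bot: In modules/db-for-postgre-sql/flexible-server/README.md (the `## Parameters` hunk), two generated descriptions carry typos, and each appears twice, once in the summary table and once in the per-parameter section: `maintenanceWindow` reads "Properties for the maintenence window" and `privateDnsZoneArmResourceId` reads "The Private DNS Zone must be lined to the Virtual Network". Since the ReadMe is generated from the template's parameter descriptions, fix the wording in the template ("maintenance", "linked") and regenerate rather than editing the README by hand.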
@@ -19,30 +19,76 @@ This module deploys a DBforPostgreSQL Flexible Server Administrator. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `objectId` | string | | The objectId of the Active Directory administrator. | -| `principalName` | string | | Active Directory administrator principal name. | -| `principalType` | string | `[Group, ServicePrincipal, Unknown, User]` | The principal type used to represent the type of Active Directory Administrator. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`objectId`](#parameter-objectid) | string | The objectId of the Active Directory administrator. | +| [`principalName`](#parameter-principalname) | string | Active Directory administrator principal name. | +| [`principalType`](#parameter-principaltype) | string | The principal type used to represent the type of Active Directory Administrator. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `tenantId` | string | `[tenant().tenantId]` | The tenantId of the Active Directory administrator. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`location`](#parameter-location) | string | Location for all resources. | +| [`tenantId`](#parameter-tenantid) | string | The tenantId of the Active Directory administrator. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `flexibleServerName` + +The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `objectId` + +The objectId of the Active Directory administrator. +- Required: Yes +- Type: string + +### Parameter: `principalName` + +Active Directory administrator principal name. +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type used to represent the type of Active Directory Administrator. +- Required: Yes +- Type: string +- Allowed: `[Group, ServicePrincipal, Unknown, User]` + +### Parameter: `tenantId` + +The tenantId of the Active Directory administrator. +- Required: No +- Type: string +- Default: `[tenant().tenantId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed administrator. | | `resourceGroupName` | string | The resource group of the deployed administrator. | diff --git a/modules/db-for-postgre-sql/flexible-server/administrator/main.json b/modules/db-for-postgre-sql/flexible-server/administrator/main.json index eb10947fcc..6ac911a9e5 100644 --- a/modules/db-for-postgre-sql/flexible-server/administrator/main.json +++ b/modules/db-for-postgre-sql/flexible-server/administrator/main.json 
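Review bot: In modules/db-for-postgre-sql/flexible-server/administrator/README.md, `flexibleServerName` is listed under "Conditional parameters" with the text "Required if the template is used in a standalone deployment", but its new detail section states "Required: Yes" without the condition. The parent flexible-server README in this same patch renders its conditional parameters (for example `cMKKeyVaultResourceId`) as "Required: No", so the generator output is inconsistent for the same category. Suggest emitting one consistent value for conditional parameters, or repeating the condition next to the "Required" bullet; the configuration, database and firewall-rule READMEs below show the same pattern.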
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14812998248518641282" + "version": "0.22.6.54827", + "templateHash": "3514176123135146796" }, "name": "DBforPostgreSQL Flexible Server Administrators", "description": "This module deploys a DBforPostgreSQL Flexible Server Administrator.", diff --git a/modules/db-for-postgre-sql/flexible-server/configuration/README.md b/modules/db-for-postgre-sql/flexible-server/configuration/README.md index 5a98fdc548..d156b0635a 100644 --- a/modules/db-for-postgre-sql/flexible-server/configuration/README.md +++ b/modules/db-for-postgre-sql/flexible-server/configuration/README.md 
@@ -19,29 +19,69 @@ This module deploys a DBforPostgreSQL Flexible Server Configuration. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the configuration. | +| [`name`](#parameter-name) | string | The name of the configuration. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `source` | string | `''` | Source of the configuration. | -| `value` | string | `''` | Value of the configuration. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`source`](#parameter-source) | string | Source of the configuration. | +| [`value`](#parameter-value) | string | Value of the configuration. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `flexibleServerName` + +The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the configuration. +- Required: Yes +- Type: string + +### Parameter: `source` + +Source of the configuration. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `value` + +Value of the configuration. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed configuration. | | `resourceGroupName` | string | The resource group of the deployed configuration. | diff --git a/modules/db-for-postgre-sql/flexible-server/configuration/main.json b/modules/db-for-postgre-sql/flexible-server/configuration/main.json index 92aa1e45be..54b8e1f4b7 100644 --- a/modules/db-for-postgre-sql/flexible-server/configuration/main.json +++ b/modules/db-for-postgre-sql/flexible-server/configuration/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5586008567080780040" + "version": "0.22.6.54827", + "templateHash": "12961146168624492771" }, "name": "DBforPostgreSQL Flexible Server Configurations", "description": "This module deploys a DBforPostgreSQL Flexible Server Configuration.", diff --git a/modules/db-for-postgre-sql/flexible-server/database/README.md b/modules/db-for-postgre-sql/flexible-server/database/README.md index 700caebc88..57ba0b45a5 100644 --- a/modules/db-for-postgre-sql/flexible-server/database/README.md +++ b/modules/db-for-postgre-sql/flexible-server/database/README.md 
@@ -19,29 +19,69 @@ This module deploys a DBforPostgreSQL Flexible Server Database. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the database. | +| [`name`](#parameter-name) | string | The name of the database. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `charset` | string | `''` | The charset of the database. | -| `collation` | string | `''` | The collation of the database. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`charset`](#parameter-charset) | string | The charset of the database. | +| [`collation`](#parameter-collation) | string | The collation of the database. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | + +### Parameter: `charset` + +The charset of the database. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `collation` + +The collation of the database. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `flexibleServerName` + +The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the database. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed database. | | `resourceGroupName` | string | The resource group of the deployed database. | diff --git a/modules/db-for-postgre-sql/flexible-server/database/main.json b/modules/db-for-postgre-sql/flexible-server/database/main.json index 0b0f806020..bc43485c4f 100644 --- a/modules/db-for-postgre-sql/flexible-server/database/main.json +++ b/modules/db-for-postgre-sql/flexible-server/database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7432917940199201712" + "version": "0.22.6.54827", + "templateHash": "15866259518448635553" }, "name": "DBforPostgreSQL Flexible Server Databases", "description": "This module deploys a DBforPostgreSQL Flexible Server Database.", diff --git a/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md b/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md index d4f092e9f6..de0f21fadf 100644 --- a/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md +++ b/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md 
@@ -19,28 +19,59 @@ This module deploys a DBforPostgreSQL Flexible Server Firewall Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `endIpAddress` | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. | -| `name` | string | The name of the PostgreSQL flexible server Firewall Rule. | -| `startIpAddress` | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. | +| [`endIpAddress`](#parameter-endipaddress) | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. | +| [`name`](#parameter-name) | string | The name of the PostgreSQL flexible server Firewall Rule. | +| [`startIpAddress`](#parameter-startipaddress) | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endIpAddress` + +The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. +- Required: Yes +- Type: string + +### Parameter: `flexibleServerName` + +The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the PostgreSQL flexible server Firewall Rule. +- Required: Yes +- Type: string + +### Parameter: `startIpAddress` + +The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed firewall rule. | | `resourceGroupName` | string | The resource group of the deployed firewall rule. | diff --git a/modules/db-for-postgre-sql/flexible-server/firewall-rule/main.json b/modules/db-for-postgre-sql/flexible-server/firewall-rule/main.json index 19cc04b358..79c31b0bfb 100644 --- a/modules/db-for-postgre-sql/flexible-server/firewall-rule/main.json +++ b/modules/db-for-postgre-sql/flexible-server/firewall-rule/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3071080362723739241" + "version": "0.22.6.54827", + "templateHash": "13418631602887252631" }, "name": "DBforPostgreSQL Flexible Server Firewall Rules", "description": "This module deploys a DBforPostgreSQL Flexible Server Firewall Rule.", diff --git a/modules/db-for-postgre-sql/flexible-server/main.json b/modules/db-for-postgre-sql/flexible-server/main.json index 316363a8c8..e737116aa5 100644 --- a/modules/db-for-postgre-sql/flexible-server/main.json +++ b/modules/db-for-postgre-sql/flexible-server/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16240139018001575474" + "version": "0.22.6.54827", + "templateHash": "2675797994216094359" }, "name": "DBforPostgreSQL Flexible Servers", "description": "This module deploys a DBforPostgreSQL Flexible Server.", @@ -521,8 +521,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4898014763123062752" + "version": "0.22.6.54827", + "templateHash": "6100419547048418453" } }, "parameters": { @@ -667,8 +667,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16660732763595780206" + "version": "0.22.6.54827", + "templateHash": "15866259518448635553" }, "name": "DBforPostgreSQL Flexible Server Databases", "description": "This module deploys a DBforPostgreSQL Flexible Server Database.", @@ -806,8 +806,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7935033505380784919" + "version": "0.22.6.54827", + "templateHash": "13418631602887252631" }, "name": "DBforPostgreSQL Flexible Server Firewall Rules", "description": "This module deploys a DBforPostgreSQL Flexible Server Firewall Rule.", 
@@ -904,7 +904,9 @@ { "copy": { "name": "flexibleServer_configurations", - "count": "[length(parameters('configurations'))]" + "count": "[length(parameters('configurations'))]", + "mode": "serial", + "batchSize": 1 }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -933,8 +935,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10954863077388190830" + "version": "0.22.6.54827", + "templateHash": "12961146168624492771" }, "name": "DBforPostgreSQL Flexible Server Configurations", "description": "This module deploys a DBforPostgreSQL Flexible Server Configuration.", @@ -1071,8 +1073,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14812998248518641282" + "version": "0.22.6.54827", + "templateHash": "3514176123135146796" }, "name": "DBforPostgreSQL Flexible Server Administrators", "description": "This module deploys a DBforPostgreSQL Flexible Server Administrator.", diff --git a/modules/desktop-virtualization/application-group/.test/common/main.test.bicep b/modules/desktop-virtualization/application-group/.test/common/main.test.bicep index 959990ac7c..673b79551f 100644 --- a/modules/desktop-virtualization/application-group/.test/common/main.test.bicep +++ b/modules/desktop-virtualization/application-group/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/application-group/.test/min/main.test.bicep b/modules/desktop-virtualization/application-group/.test/min/main.test.bicep index e5a99a1d1e..8dae8dc2d4 100644 --- a/modules/desktop-virtualization/application-group/.test/min/main.test.bicep +++ b/modules/desktop-virtualization/application-group/.test/min/main.test.bicep 
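Review bot: In modules/db-for-postgre-sql/flexible-server/main.json, hunk `@@ -904,7 +904,9 @@`, the `flexibleServer_configurations` copy block gains `"mode": "serial"` and `"batchSize": 1`. Unlike the surrounding `version` and `templateHash` updates, this is a deployment behaviour change (configurations are applied one at a time), and it arrives inside a compiled file in a patch that otherwise reads as a regeneration of READMEs and templates. Please confirm the corresponding source template change is included in this patch and mention it in the change description so it is not overlooked.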
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/application-group/README.md b/modules/desktop-virtualization/application-group/README.md index 696349103d..9738f61981 100644 --- a/modules/desktop-virtualization/application-group/README.md +++ b/modules/desktop-virtualization/application-group/README.md @@ -4,13 +4,13 @@ This module deploys an Azure Virtual Desktop (AVD) Application Group. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
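Review bot: The `"mode": "serial"` and `"batchSize": 1` lines added to the `flexibleServer_configurations` copy loop (hunk `@@ -904,7 +904,9 @@` of `modules/db-for-postgre-sql/flexible-server/main.json`) are a behavioural change sitting among generator `version` and `templateHash` bumps, and the visible part of the diff shows no source counterpart for them. Configurations will now deploy one at a time instead of in parallel. Please confirm the corresponding `@batchSize(1)` decorator is present in the module's `main.bicep` and is intentional, and call it out in the change description so it is not read as a side effect of recompiling with 0.22.6.54827.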
@@ -20,64 +20,28 @@ This module deploys an Azure Virtual Desktop (AVD) Application Group. | `Microsoft.DesktopVirtualization/applicationGroups/applications` | [2022-09-09](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2022-09-09/applicationGroups/applications) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `applicationGroupType` | string | `[Desktop, RemoteApp]` | The type of the Application Group to be created. Allowed values: RemoteApp or Desktop. | -| `hostpoolName` | string | | Name of the Host Pool to be linked to this Application Group. | -| `name` | string | | Name of the Application Group to create this application in. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `applications` | array | `[]` | | List of applications to be created in the Application Group. | -| `description` | string | `''` | | The description of the Application Group to be created. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Checkpoint, Error, Management]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
| -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of log analytics. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `friendlyName` | string | `''` | | The friendly name of the Application Group to be created. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the AVD application group. | -| `resourceGroupName` | string | The resource group the AVD application group was deployed into. | -| `resourceId` | string | The resource ID of the AVD application group. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
-_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/desktop-virtualization.application-group:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module applicationGroup './desktop-virtualization/application-group/main.bicep' = { +module applicationGroup 'br:bicep/modules/desktop-virtualization.application-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvagcom' params: { // Required parameters @@ -225,14 +189,17 @@ module applicationGroup './desktop-virtualization/application-group/main.bicep'

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module applicationGroup './desktop-virtualization/application-group/main.bicep' = { +module applicationGroup 'br:bicep/modules/desktop-virtualization.application-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvagmin' params: { // Required parameters @@ -277,3 +244,166 @@ module applicationGroup './desktop-virtualization/application-group/main.bicep'

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationGroupType`](#parameter-applicationgrouptype) | string | The type of the Application Group to be created. Allowed values: RemoteApp or Desktop. | +| [`hostpoolName`](#parameter-hostpoolname) | string | Name of the Host Pool to be linked to this Application Group. | +| [`name`](#parameter-name) | string | Name of the Application Group to create this application in. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applications`](#parameter-applications) | array | List of applications to be created in the Application Group. | +| [`description`](#parameter-description) | string | The description of the Application Group to be created. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of log analytics. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`friendlyName`](#parameter-friendlyname) | string | The friendly name of the Application Group to be created. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `applicationGroupType` + +The type of the Application Group to be created. Allowed values: RemoteApp or Desktop. +- Required: Yes +- Type: string +- Allowed: `[Desktop, RemoteApp]` + +### Parameter: `applications` + +List of applications to be created in the Application Group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +The description of the Application Group to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. 
"allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Checkpoint, Error, Management]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of log analytics. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `friendlyName` + +The friendly name of the Application Group to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `hostpoolName` + +Name of the Host Pool to be linked to this Application Group. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Application Group to create this application in. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the AVD application group. | +| `resourceGroupName` | string | The resource group the AVD application group was deployed into. | +| `resourceId` | string | The resource ID of the AVD application group. | + +## Cross-referenced modules + +_None_ diff --git a/modules/desktop-virtualization/application-group/application/README.md b/modules/desktop-virtualization/application-group/application/README.md index 7d87db5d0c..cc46be1fbe 100644 --- a/modules/desktop-virtualization/application-group/application/README.md +++ b/modules/desktop-virtualization/application-group/application/README.md @@ -4,12 +4,12 @@ This module deploys an Azure Virtual Desktop (AVD) Application Group Application ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
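Review bot: The module reference `br:bicep/modules/desktop-virtualization.application-group:1.0.0`, introduced in the note of hunk `@@ -20,64 +20,28 @@` of `application-group/README.md` and repeated in both `module applicationGroup` examples, is not resolvable as written, and the README does not say it is a placeholder. In the `br:<registry>/<path>:<tag>` form the first segment is the registry host, which here is just `bicep`, and `1.0.0` is hard-coded rather than taken from a published version. Either state in the note that the registry name and version must be replaced with the consumer's own registry and a version they have published, or switch to the alias form (`br/<alias>:<path>:<tag>`) and document the required `bicepconfig.json` entry, so that readers who copy the example know exactly which registry their deployment pulls the module from.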
@@ -19,34 +19,108 @@ This module deploys an Azure Virtual Desktop (AVD) Application Group Application **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `filePath` | string | Specifies a path for the executable file for the application. | -| `friendlyName` | string | Friendly name of Application.. | -| `name` | string | Name of the Application to be created in the Application Group. | +| [`filePath`](#parameter-filepath) | string | Specifies a path for the executable file for the application. | +| [`friendlyName`](#parameter-friendlyname) | string | Friendly name of Application.. | +| [`name`](#parameter-name) | string | Name of the Application to be created in the Application Group. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `appGroupName` | string | The name of the parent Application Group to create the application(s) in. Required if the template is used in a standalone deployment. | +| [`appGroupName`](#parameter-appgroupname) | string | The name of the parent Application Group to create the application(s) in. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `commandLineArguments` | string | `''` | | Command-Line Arguments for Application. | -| `commandLineSetting` | string | `'DoNotAllow'` | `[Allow, DoNotAllow, Require]` | Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all. | -| `description` | string | `''` | | Description of Application.. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `iconIndex` | int | `0` | | Index of the icon. 
| -| `iconPath` | string | `''` | | Path to icon. | -| `showInPortal` | bool | `False` | | Specifies whether to show the RemoteApp program in the RD Web Access server. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`commandLineArguments`](#parameter-commandlinearguments) | string | Command-Line Arguments for Application. | +| [`commandLineSetting`](#parameter-commandlinesetting) | string | Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all. | +| [`description`](#parameter-description) | string | Description of Application.. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`iconIndex`](#parameter-iconindex) | int | Index of the icon. | +| [`iconPath`](#parameter-iconpath) | string | Path to icon. | +| [`showInPortal`](#parameter-showinportal) | bool | Specifies whether to show the RemoteApp program in the RD Web Access server. | + +### Parameter: `appGroupName` + +The name of the parent Application Group to create the application(s) in. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `commandLineArguments` + +Command-Line Arguments for Application. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `commandLineSetting` + +Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all. +- Required: No +- Type: string +- Default: `'DoNotAllow'` +- Allowed: `[Allow, DoNotAllow, Require]` + +### Parameter: `description` + +Description of Application.. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `filePath` + +Specifies a path for the executable file for the application. +- Required: Yes +- Type: string + +### Parameter: `friendlyName` + +Friendly name of Application.. +- Required: Yes +- Type: string + +### Parameter: `iconIndex` + +Index of the icon. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `iconPath` + +Path to icon. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +Name of the Application to be created in the Application Group. +- Required: Yes +- Type: string + +### Parameter: `showInPortal` + +Specifies whether to show the RemoteApp program in the RD Web Access server. +- Required: No +- Type: bool +- Default: `False` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The Name of the Application Group to register the Application in. | | `resourceGroupName` | string | The name of the Resource Group the AVD Application was created in. | diff --git a/modules/desktop-virtualization/application-group/application/main.json b/modules/desktop-virtualization/application-group/application/main.json index 2621a89ffe..70e339a8b2 100644 --- a/modules/desktop-virtualization/application-group/application/main.json +++ b/modules/desktop-virtualization/application-group/application/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7619639220591936340" + "version": "0.22.6.54827", + "templateHash": "10616827856455579307" }, "name": "Azure Virtual Desktop (AVD) Application Group Applications", "description": "This module deploys an Azure Virtual Desktop (AVD) Application Group Application.", diff --git a/modules/desktop-virtualization/application-group/main.json b/modules/desktop-virtualization/application-group/main.json index 351595b955..a84976fdda 100644 
--- a/modules/desktop-virtualization/application-group/main.json +++ b/modules/desktop-virtualization/application-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6445435320297948317" + "version": "0.22.6.54827", + "templateHash": "8705022781837382520" }, "name": "Azure Virtual Desktop (AVD) Application Groups", "description": "This module deploys an Azure Virtual Desktop (AVD) Application Group.", @@ -261,8 +261,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "110356307048121387" + "version": "0.22.6.54827", + "templateHash": "10616827856455579307" }, "name": "Azure Virtual Desktop (AVD) Application Group Applications", "description": "This module deploys an Azure Virtual Desktop (AVD) Application Group Application.", @@ -442,8 +442,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9771114878684828045" + "version": "0.22.6.54827", + "templateHash": "16875966944342044136" } }, "parameters": { diff --git a/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep b/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep index 6f581c0315..ae07838fee 100644 --- a/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep +++ b/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/host-pool/.test/min/main.test.bicep b/modules/desktop-virtualization/host-pool/.test/min/main.test.bicep index 9a7bbfd580..7691ccaa51 100644 --- a/modules/desktop-virtualization/host-pool/.test/min/main.test.bicep +++ b/modules/desktop-virtualization/host-pool/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/host-pool/README.md b/modules/desktop-virtualization/host-pool/README.md index 9d96667dba..aeced854d6 100644 --- a/modules/desktop-virtualization/host-pool/README.md +++ b/modules/desktop-virtualization/host-pool/README.md @@ -4,13 +4,13 @@ This module deploys an Azure Virtual Desktop (AVD) Host Pool. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
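Review bot: In `application-group/application/README.md` (hunk `@@ -19,34 +19,108 @@`), the generated section for `appGroupName` states `- Required: Yes`, which contradicts the table a few lines earlier that lists it under **Conditional parameters** with "Required if the template is used in a standalone deployment." The per-parameter section should carry the conditional status (or repeat the condition) instead of a flat "Yes"; if the value comes from the ReadMe generator, the fix belongs in how it maps conditional parameters rather than in this file.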
@@ -19,90 +19,28 @@ This module deploys an Azure Virtual Desktop (AVD) Host Pool. | `Microsoft.DesktopVirtualization/hostPools` | [2022-09-09](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2022-09-09/hostPools) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Host Pool. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `agentUpdate` | object | `{object}` | | The session host configuration for updating agent, monitoring agent, and stack component. | -| `agentUpdateMaintenanceWindowDayOfWeek` | string | `'Sunday'` | `[Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday]` | Update day for scheduled agent updates. | -| `agentUpdateMaintenanceWindowHour` | int | `22` | | Update hour for scheduled agent updates. | -| `agentUpdateMaintenanceWindows` | array | `[System.Management.Automation.OrderedHashtable]` | | List of maintenance windows for scheduled agent updates. | -| `agentUpdateMaintenanceWindowTimeZone` | string | `'Central Standard Time'` | | Time zone for scheduled agent updates. | -| `agentUpdateType` | string | `'Default'` | `[Default, Scheduled]` | Enable scheduled agent updates, Default means agent updates will automatically be installed by AVD when they become available. | -| `agentUpdateUseSessionHostLocalTime` | bool | `False` | | Whether to use localTime of the virtual machine for scheduled agent updates. | -| `customRdpProperty` | string | `'audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;'` | | Host Pool RDP properties. 
| -| `description` | string | `''` | | The description of the Host Pool to be created. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', AgentHealthStatus, allLogs, Checkpoint, Connection, Error, HostRegistration, Management]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `friendlyName` | string | `''` | | The friendly name of the Host Pool to be created. | -| `loadBalancerType` | string | `'BreadthFirst'` | `[BreadthFirst, DepthFirst, Persistent]` | Type of load balancer algorithm. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxSessionLimit` | int | `99999` | | Maximum number of sessions. | -| `personalDesktopAssignmentType` | string | `''` | `['', Automatic, Direct]` | Set the type of assignment for a Personal Host Pool type. 
| -| `preferredAppGroupType` | string | `'Desktop'` | `[Desktop, None, RailApplications]` | The type of preferred application group type, default to Desktop Application Group. | -| `ring` | int | `-1` | | The ring number of HostPool. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ssoadfsAuthority` | string | `''` | | URL to customer ADFS server for signing WVD SSO certificates. | -| `ssoClientId` | string | `''` | | ClientId for the registered Relying Party used to issue WVD SSO certificates. | -| `ssoClientSecretKeyVaultPath` | string | `''` | | Path to Azure KeyVault storing the secret used for communication to ADFS. | -| `ssoSecretType` | string | `''` | `['', Certificate, CertificateInKeyVault, SharedKey, SharedKeyInKeyVault]` | The type of single sign on Secret Type. | -| `startVMOnConnect` | bool | `False` | | Enable Start VM on connect to allow users to start the virtual machine from a deallocated state. Important: Custom RBAC role required to power manage VMs. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `tokenValidityLength` | string | `'PT8H'` | | Host Pool token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the token will be valid for 8 hours. | -| `type` | string | `'Pooled'` | `[Personal, Pooled]` | Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to Pooled. | -| `validationEnvironment` | bool | `False` | | Validation host pools allows you to test service changes before they are deployed to production. 
When set to true, the Host Pool will be deployed in a validation 'ring' (environment) that receives all the new features (might be less stable). Defaults to false that stands for the stable, production-ready environment. | -| `vmTemplate` | object | `{object}` | | The necessary information for adding more VMs to this Host Pool. The object is converted to an in-line string when handed over to the resource deployment, since that only takes strings. | +## Usage examples -**Generated parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Do not provide a value! This date value is used to generate a registration token. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the AVD host pool. | -| `resourceGroupName` | string | The resource group the AVD host pool was deployed into. | -| `resourceId` | string | The resource ID of the AVD host pool. | -| `tokenExpirationTime` | string | The expiration time for the registration token. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/desktop-virtualization.host-pool:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. 
- >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module hostPool './desktop-virtualization/host-pool/main.bicep' = { +module hostPool 'br:bicep/modules/desktop-virtualization.host-pool:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvhpcom' params: { // Required parameters @@ -292,14 +230,17 @@ module hostPool './desktop-virtualization/host-pool/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module hostPool './desktop-virtualization/host-pool/main.bicep' = { +module hostPool 'br:bicep/modules/desktop-virtualization.host-pool:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvhpmin' params: { // Required parameters @@ -336,3 +277,340 @@ module hostPool './desktop-virtualization/host-pool/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Host Pool. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`agentUpdate`](#parameter-agentupdate) | object | The session host configuration for updating agent, monitoring agent, and stack component. | +| [`agentUpdateMaintenanceWindowDayOfWeek`](#parameter-agentupdatemaintenancewindowdayofweek) | string | Update day for scheduled agent updates. | +| [`agentUpdateMaintenanceWindowHour`](#parameter-agentupdatemaintenancewindowhour) | int | Update hour for scheduled agent updates. | +| [`agentUpdateMaintenanceWindows`](#parameter-agentupdatemaintenancewindows) | array | List of maintenance windows for scheduled agent updates. | +| [`agentUpdateMaintenanceWindowTimeZone`](#parameter-agentupdatemaintenancewindowtimezone) | string | Time zone for scheduled agent updates. | +| [`agentUpdateType`](#parameter-agentupdatetype) | string | Enable scheduled agent updates, Default means agent updates will automatically be installed by AVD when they become available. | +| [`agentUpdateUseSessionHostLocalTime`](#parameter-agentupdateusesessionhostlocaltime) | bool | Whether to use localTime of the virtual machine for scheduled agent updates. | +| [`customRdpProperty`](#parameter-customrdpproperty) | string | Host Pool RDP properties. | +| [`description`](#parameter-description) | string | The description of the Host Pool to be created. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. 
Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`friendlyName`](#parameter-friendlyname) | string | The friendly name of the Host Pool to be created. | +| [`loadBalancerType`](#parameter-loadbalancertype) | string | Type of load balancer algorithm. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maxSessionLimit`](#parameter-maxsessionlimit) | int | Maximum number of sessions. | +| [`personalDesktopAssignmentType`](#parameter-personaldesktopassignmenttype) | string | Set the type of assignment for a Personal Host Pool type. | +| [`preferredAppGroupType`](#parameter-preferredappgrouptype) | string | The type of preferred application group type, default to Desktop Application Group. | +| [`ring`](#parameter-ring) | int | The ring number of HostPool. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ssoadfsAuthority`](#parameter-ssoadfsauthority) | string | URL to customer ADFS server for signing WVD SSO certificates. | +| [`ssoClientId`](#parameter-ssoclientid) | string | ClientId for the registered Relying Party used to issue WVD SSO certificates. | +| [`ssoClientSecretKeyVaultPath`](#parameter-ssoclientsecretkeyvaultpath) | string | Path to Azure KeyVault storing the secret used for communication to ADFS. | +| [`ssoSecretType`](#parameter-ssosecrettype) | string | The type of single sign on Secret Type. | +| [`startVMOnConnect`](#parameter-startvmonconnect) | bool | Enable Start VM on connect to allow users to start the virtual machine from a deallocated state. Important: Custom RBAC role required to power manage VMs. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`tokenValidityLength`](#parameter-tokenvaliditylength) | string | Host Pool token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the token will be valid for 8 hours. | +| [`type`](#parameter-type) | string | Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to Pooled. | +| [`validationEnvironment`](#parameter-validationenvironment) | bool | Validation host pools allows you to test service changes before they are deployed to production. When set to true, the Host Pool will be deployed in a validation 'ring' (environment) that receives all the new features (might be less stable). Defaults to false that stands for the stable, production-ready environment. | +| [`vmTemplate`](#parameter-vmtemplate) | object | The necessary information for adding more VMs to this Host Pool. 
The object is converted to an in-line string when handed over to the resource deployment, since that only takes strings. | + +**Generated parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. | + +### Parameter: `agentUpdate` + +The session host configuration for updating agent, monitoring agent, and stack component. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `agentUpdateMaintenanceWindowDayOfWeek` + +Update day for scheduled agent updates. +- Required: No +- Type: string +- Default: `'Sunday'` +- Allowed: `[Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday]` + +### Parameter: `agentUpdateMaintenanceWindowHour` + +Update hour for scheduled agent updates. +- Required: No +- Type: int +- Default: `22` + +### Parameter: `agentUpdateMaintenanceWindows` + +List of maintenance windows for scheduled agent updates. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `agentUpdateMaintenanceWindowTimeZone` + +Time zone for scheduled agent updates. +- Required: No +- Type: string +- Default: `'Central Standard Time'` + +### Parameter: `agentUpdateType` + +Enable scheduled agent updates, Default means agent updates will automatically be installed by AVD when they become available. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, Scheduled]` + +### Parameter: `agentUpdateUseSessionHostLocalTime` + +Whether to use localTime of the virtual machine for scheduled agent updates. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `baseTime` + +Do not provide a value! This date value is used to generate a registration token. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `customRdpProperty` + +Host Pool RDP properties. 
+- Required: No +- Type: string +- Default: `'audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;'` + +### Parameter: `description` + +The description of the Host Pool to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', AgentHealthStatus, allLogs, Checkpoint, Connection, Error, HostRegistration, Management]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `friendlyName` + +The friendly name of the Host Pool to be created. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `loadBalancerType` + +Type of load balancer algorithm. +- Required: No +- Type: string +- Default: `'BreadthFirst'` +- Allowed: `[BreadthFirst, DepthFirst, Persistent]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maxSessionLimit` + +Maximum number of sessions. +- Required: No +- Type: int +- Default: `99999` + +### Parameter: `name` + +Name of the Host Pool. +- Required: Yes +- Type: string + +### Parameter: `personalDesktopAssignmentType` + +Set the type of assignment for a Personal Host Pool type. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Automatic, Direct]` + +### Parameter: `preferredAppGroupType` + +The type of preferred application group type, default to Desktop Application Group. +- Required: No +- Type: string +- Default: `'Desktop'` +- Allowed: `[Desktop, None, RailApplications]` + +### Parameter: `ring` + +The ring number of HostPool. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ssoadfsAuthority` + +URL to customer ADFS server for signing WVD SSO certificates. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `ssoClientId` + +ClientId for the registered Relying Party used to issue WVD SSO certificates. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `ssoClientSecretKeyVaultPath` + +Path to Azure KeyVault storing the secret used for communication to ADFS. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `ssoSecretType` + +The type of single sign on Secret Type. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Certificate, CertificateInKeyVault, SharedKey, SharedKeyInKeyVault]` + +### Parameter: `startVMOnConnect` + +Enable Start VM on connect to allow users to start the virtual machine from a deallocated state. Important: Custom RBAC role required to power manage VMs. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tokenValidityLength` + +Host Pool token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the token will be valid for 8 hours. +- Required: No +- Type: string +- Default: `'PT8H'` + +### Parameter: `type` + +Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to Pooled. +- Required: No +- Type: string +- Default: `'Pooled'` +- Allowed: `[Personal, Pooled]` + +### Parameter: `validationEnvironment` + +Validation host pools allows you to test service changes before they are deployed to production. When set to true, the Host Pool will be deployed in a validation 'ring' (environment) that receives all the new features (might be less stable). Defaults to false that stands for the stable, production-ready environment. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `vmTemplate` + +The necessary information for adding more VMs to this Host Pool. The object is converted to an in-line string when handed over to the resource deployment, since that only takes strings. 
+- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the AVD host pool. | +| `resourceGroupName` | string | The resource group the AVD host pool was deployed into. | +| `resourceId` | string | The resource ID of the AVD host pool. | +| `tokenExpirationTime` | string | The expiration time for the registration token. | + +## Cross-referenced modules + +_None_ diff --git a/modules/desktop-virtualization/scaling-plan/.test/common/main.test.bicep b/modules/desktop-virtualization/scaling-plan/.test/common/main.test.bicep index 5423566864..b346cfc8ad 100644 --- a/modules/desktop-virtualization/scaling-plan/.test/common/main.test.bicep +++ b/modules/desktop-virtualization/scaling-plan/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/scaling-plan/.test/min/main.test.bicep b/modules/desktop-virtualization/scaling-plan/.test/min/main.test.bicep index d2476d9b7b..9eac3af179 100644 --- a/modules/desktop-virtualization/scaling-plan/.test/min/main.test.bicep +++ b/modules/desktop-virtualization/scaling-plan/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/scaling-plan/README.md b/modules/desktop-virtualization/scaling-plan/README.md index 3476b8e9f1..bc75544c2e 100644 --- a/modules/desktop-virtualization/scaling-plan/README.md +++ b/modules/desktop-virtualization/scaling-plan/README.md 
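Review bot: In the `## Parameters` hunk of `modules/desktop-virtualization/host-pool/README.md` (`@@ -336,3 +277,340 @@`), several generated `Default:` values are placeholders or non-Bicep renderings rather than the value a consumer actually gets. `agentUpdateMaintenanceWindows` shows `[System.Management.Automation.OrderedHashtable]` (a PowerShell type name), `agentUpdate`, `tags` and `vmTemplate` show `{object}`, booleans appear as `True`/`False`, and `baseTime` and `location` appear in ARM expression form (`[utcNow('u')]`, `[resourceGroup().location]`). Suggest having the generator serialise object and array defaults to their real content and emit Bicep literals and expressions, because the summary table in this hunk no longer carries a default column and the per-parameter block is where readers will look. It is also worth expanding the one-line description of `customRdpProperty`: the documented default includes `redirectclipboard:i:1`, `redirectcomports:i:1`, `redirectprinters:i:1` and `redirectsmartcards:i:1`, so a deployment that leaves the parameter unset gets those redirections enabled, and readers who need to restrict them should be told to override it.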
@@ -5,10 +5,10 @@ This module deploys an Azure Virtual Desktop (AVD) Scaling Plan. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
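Review bot: The navigation entry added in this hunk, `[Usage examples](#Usage-examples)`, keeps the capitalised fragment style of the existing entries, while the links the same change adds further down use lowercase fragments (`#example-1-using-large-parameter-set`, `#parameter-name`). Heading ids generated by GitHub-style renderers are lowercase, so suggest emitting `#usage-examples`, `#parameters` and so on for the navigation list as well. That keeps the README consistent and lets the links resolve in renderers that match fragments case-sensitively.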
@@ -18,64 +18,28 @@ This module deploys an Azure Virtual Desktop (AVD) Scaling Plan. | `Microsoft.DesktopVirtualization/scalingPlans` | [2022-09-09](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2022-09-09/scalingPlans) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the scaling plan. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `[parameters('name')]` | | Description of the scaling plan. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Autoscale]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exclusionTag` | string | `''` | | Provide a tag to be used for hosts that should not be affected by the scaling plan. | -| `friendlyName` | string | `[parameters('name')]` | | Friendly Name of the scaling plan. 
| -| `hostPoolReferences` | array | `[]` | | An array of references to hostpools. | -| `hostPoolType` | string | `'Pooled'` | `[Pooled]` | The type of hostpool where this scaling plan should be applied. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `schedules` | array | `[System.Management.Automation.OrderedHashtable]` | | The schedules related to this scaling plan. If no value is provided a default schedule will be provided. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `timeZone` | string | `'W. Europe Standard Time'` | | Timezone to be used for the scaling plan. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the AVD scaling plan. | -| `resourceGroupName` | string | The resource group the AVD scaling plan was deployed into. | -| `resourceId` | string | The resource ID of the AVD scaling plan. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/desktop-virtualization.scaling-plan:1.0.0`. 
-## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module scalingPlan './desktop-virtualization/scaling-plan/main.bicep' = { +module scalingPlan 'br:bicep/modules/desktop-virtualization.scaling-plan:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvspcom' params: { // Required parameters @@ -255,14 +219,17 @@ module scalingPlan './desktop-virtualization/scaling-plan/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module scalingPlan './desktop-virtualization/scaling-plan/main.bicep' = { +module scalingPlan 'br:bicep/modules/desktop-virtualization.scaling-plan:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvspmin' params: { // Required parameters @@ -299,3 +266,167 @@ module scalingPlan './desktop-virtualization/scaling-plan/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the scaling plan. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | Description of the scaling plan. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exclusionTag`](#parameter-exclusiontag) | string | Provide a tag to be used for hosts that should not be affected by the scaling plan. | +| [`friendlyName`](#parameter-friendlyname) | string | Friendly Name of the scaling plan. | +| [`hostPoolReferences`](#parameter-hostpoolreferences) | array | An array of references to hostpools. | +| [`hostPoolType`](#parameter-hostpooltype) | string | The type of hostpool where this scaling plan should be applied. | +| [`location`](#parameter-location) | string | Location for all resources. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`schedules`](#parameter-schedules) | array | The schedules related to this scaling plan. If no value is provided a default schedule will be provided. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`timeZone`](#parameter-timezone) | string | Timezone to be used for the scaling plan. | + +### Parameter: `description` + +Description of the scaling plan. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Autoscale]` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exclusionTag` + +Provide a tag to be used for hosts that should not be affected by the scaling plan. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `friendlyName` + +Friendly Name of the scaling plan. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `hostPoolReferences` + +An array of references to hostpools. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `hostPoolType` + +The type of hostpool where this scaling plan should be applied. +- Required: No +- Type: string +- Default: `'Pooled'` +- Allowed: `[Pooled]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the scaling plan. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `schedules` + +The schedules related to this scaling plan. If no value is provided a default schedule will be provided. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `timeZone` + +Timezone to be used for the scaling plan. +- Required: No +- Type: string +- Default: `'W. 
Europe Standard Time'` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the AVD scaling plan. | +| `resourceGroupName` | string | The resource group the AVD scaling plan was deployed into. | +| `resourceId` | string | The resource ID of the AVD scaling plan. | + +## Cross-referenced modules + +_None_ diff --git a/modules/desktop-virtualization/workspace/.test/common/main.test.bicep b/modules/desktop-virtualization/workspace/.test/common/main.test.bicep index 6a603dc442..d98e112b0f 100644 --- a/modules/desktop-virtualization/workspace/.test/common/main.test.bicep +++ b/modules/desktop-virtualization/workspace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/workspace/.test/min/main.test.bicep b/modules/desktop-virtualization/workspace/.test/min/main.test.bicep index 845f5ef455..78df110582 100644 --- a/modules/desktop-virtualization/workspace/.test/min/main.test.bicep +++ b/modules/desktop-virtualization/workspace/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/workspace/README.md b/modules/desktop-virtualization/workspace/README.md index 6512110609..176ee1f214 100644 --- a/modules/desktop-virtualization/workspace/README.md +++ b/modules/desktop-virtualization/workspace/README.md 
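Review bot: In the `## Usage examples` hunk of `modules/desktop-virtualization/scaling-plan/README.md` (`@@ -18,64 +18,28 @@`), the added note and both examples present `br:bicep/modules/desktop-virtualization.scaling-plan:1.0.0` as the syntax to use, but in a `br:` reference the segment before the first `/` is the registry host, so `bicep` reads as a registry name that nothing in this change defines. Suggest stating that it is a placeholder for the consumer's own registry (or switching to the alias form `br/<alias>:` with the alias documented), and saying where the `1.0.0` tag comes from, since the same tag appears for the host-pool, scaling-plan and workspace modules. A reader should be able to tell from the README exactly which registry and which version the example pulls.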
@@ -4,13 +4,13 @@ This module deploys an Azure Virtual Desktop (AVD) Workspace. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -19,62 +19,28 @@ This module deploys an Azure Virtual Desktop (AVD) Workspace. | `Microsoft.DesktopVirtualization/workspaces` | [2022-09-09](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2022-09-09/workspaces) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the workspace to be attach to new Application Group. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/desktop-virtualization.workspace:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `appGroupResourceIds` | array | `[]` | | Resource IDs for the existing Application groups this workspace will group together. | -| `description` | string | `''` | | The description of the Workspace to be created. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Checkpoint, Error, Feed, Management]` | The name of logs that will be streamed. 
"allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `friendlyName` | string | `''` | | The friendly name of the Workspace to be created. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the AVD workspace. | -| `resourceGroupName` | string | The resource group the AVD workspace was deployed into. | -| `resourceId` | string | The resource ID of the AVD workspace. 
| - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module workspace './desktop-virtualization/workspace/main.bicep' = { +module workspace 'br:bicep/modules/desktop-virtualization.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvwcom' params: { // Required parameters @@ -184,14 +150,17 @@ module workspace './desktop-virtualization/workspace/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module workspace './desktop-virtualization/workspace/main.bicep' = { +module workspace 'br:bicep/modules/desktop-virtualization.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvwmin' params: { // Required parameters @@ -228,3 +197,151 @@ module workspace './desktop-virtualization/workspace/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the workspace to be attach to new Application Group. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appGroupResourceIds`](#parameter-appgroupresourceids) | array | Resource IDs for the existing Application groups this workspace will group together. | +| [`description`](#parameter-description) | string | The description of the Workspace to be created. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`friendlyName`](#parameter-friendlyname) | string | The friendly name of the Workspace to be created. 
| +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `appGroupResourceIds` + +Resource IDs for the existing Application groups this workspace will group together. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +The description of the Workspace to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Checkpoint, Error, Feed, Management]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `friendlyName` + +The friendly name of the Workspace to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the workspace to be attach to new Application Group. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the AVD workspace. | +| `resourceGroupName` | string | The resource group the AVD workspace was deployed into. | +| `resourceId` | string | The resource ID of the AVD workspace. 
| + +## Cross-referenced modules + +_None_ diff --git a/modules/desktop-virtualization/workspace/main.json b/modules/desktop-virtualization/workspace/main.json index 6c0aa6b332..b96c1b5e6c 100644 --- a/modules/desktop-virtualization/workspace/main.json +++ b/modules/desktop-virtualization/workspace/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10679736874154725054" + "version": "0.22.6.54827", + "templateHash": "8129248040868416848" }, "name": "Azure Virtual Desktop (AVD) Workspaces", "description": "This module deploys an Azure Virtual Desktop (AVD) Workspace.", @@ -237,8 +237,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12071774351316031070" + "version": "0.22.6.54827", + "templateHash": "10387281728055526723" } }, "parameters": { diff --git a/modules/dev-test-lab/lab/.test/common/main.test.bicep b/modules/dev-test-lab/lab/.test/common/main.test.bicep index 2f0565eb03..c63a75d0ae 100644 --- a/modules/dev-test-lab/lab/.test/common/main.test.bicep +++ b/modules/dev-test-lab/lab/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/dev-test-lab/lab/.test/min/main.test.bicep b/modules/dev-test-lab/lab/.test/min/main.test.bicep index 70e5d551d1..7989d9f4d2 100644 --- a/modules/dev-test-lab/lab/.test/min/main.test.bicep +++ b/modules/dev-test-lab/lab/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // 
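Review bot: In the regenerated `desktop-virtualization/workspace/README.md`, the `name` description reads "The name of the workspace to be attach to new Application Group." in both the required-parameters table and the `### Parameter: name` section. Because the ReadMe is generated from the template, correct the wording in the template's parameter description (for example "to be attached to the new Application Group") and regenerate, rather than editing the ReadMe by hand. Separately, the two `main.test.bicep` hunks add `metadata name` and `metadata description`, and the ReadMe example headings carry the same strings (`### Example 1: _Using large parameter set_`), but the removed note that explained where example names come from has no replacement. A sentence in the "Usage examples" intro saying that titles are taken from the test file's `metadata name` would help contributors.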
diff --git a/modules/dev-test-lab/lab/README.md b/modules/dev-test-lab/lab/README.md index 9b21814ef3..03bc402078 100644 --- a/modules/dev-test-lab/lab/README.md +++ b/modules/dev-test-lab/lab/README.md @@ -5,10 +5,10 @@ This module deploys a DevTest Lab. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
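Review bot: The added navigation entry `- [Usage examples](#Usage-examples)` uses a mixed-case fragment, while the example links this change adds further down the same ReadMe are lowercase (`#example-1-using-large-parameter-set`). The unchanged entries (`#Resource-Types`, `#Parameters`) share the mixed-case form, so this is probably a generator matter rather than something to patch in this hunk. Pick one convention for generated anchors, preferably the lowercase slug form, so every link in the file is produced by the same rule.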
@@ -24,83 +24,28 @@ This module deploys a DevTest Lab. | `Microsoft.DevTestLab/labs/schedules` | [2018-09-15](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DevTestLab/2018-09-15/labs/schedules) | | `Microsoft.DevTestLab/labs/virtualnetworks` | [2018-09-15](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DevTestLab/2018-09-15/labs/virtualnetworks) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the lab. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `encryptionDiskEncryptionSetId` | string | `''` | The Disk Encryption Set Resource ID used to encrypt OS and data disks created as part of the the lab. Required if encryptionType is set to "EncryptionAtRestWithCustomerKey". | -| `notificationchannels` | array | `[]` | Notification Channels to create for the lab. Required if the schedules property "notificationSettingsStatus" is set to "Enabled. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `announcement` | object | `{object}` | | The properties of any lab announcement associated with this lab. | -| `artifactsources` | array | `[]` | | Artifact sources to create for the lab. | -| `artifactsStorageAccount` | string | `''` | | The resource ID of the storage account used to store artifacts and images by the lab. Also used for defaultStorageAccount, defaultPremiumStorageAccount and premiumDataDiskStorageAccount properties. If left empty, a default storage account will be created by the lab and used. | -| `browserConnect` | string | `'Disabled'` | `[Disabled, Enabled]` | Enable browser connect on virtual machines if the lab's VNETs have configured Azure Bastion. | -| `costs` | object | `{object}` | | Costs to create for the lab. 
| -| `disableAutoUpgradeCseMinorVersion` | bool | `False` | | Disable auto upgrade custom script extension minor version. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `encryptionType` | string | `'EncryptionAtRestWithPlatformKey'` | `[EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformKey]` | Specify how OS and data disks created as part of the lab are encrypted. | -| `environmentPermission` | string | `'Reader'` | `[Contributor, Reader]` | The access rights to be granted to the user when provisioning an environment. | -| `extendedProperties` | object | `{object}` | | Extended properties of the lab used for experimental features. | -| `isolateLabResources` | string | `'Enabled'` | `[Disabled, Enabled]` | Enable lab resources isolation from the public internet. | -| `labStorageType` | string | `'Premium'` | `[Premium, Standard, StandardSSD]` | Type of storage used by the lab. It can be either Premium or Standard. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managementIdentities` | object | `{object}` | | The ID(s) to assign to the virtual machines associated with this lab. | -| `mandatoryArtifactsResourceIdsLinux` | array | `[]` | | The ordered list of artifact resource IDs that should be applied on all Linux VM creations by default, prior to the artifacts specified by the user. | -| `mandatoryArtifactsResourceIdsWindows` | array | `[]` | | The ordered list of artifact resource IDs that should be applied on all Windows VM creations by default, prior to the artifacts specified by the user. | -| `policies` | array | `[]` | | Policies to create for the lab. | -| `premiumDataDisks` | string | `'Disabled'` | `[Disabled, Enabled]` | The setting to enable usage of premium data disks. 
When its value is "Enabled", creation of standard or premium data disks is allowed. When its value is "Disabled", only creation of standard data disks is allowed. Default is "Disabled". | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `schedules` | array | `[]` | | Schedules to create for the lab. | -| `support` | object | `{object}` | | The properties of any lab support message associated with this lab. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `virtualnetworks` | array | `[]` | | Virtual networks to create for the lab. | -| `vmCreationResourceGroupId` | string | `[resourceGroup().id]` | | Resource Group allocation for virtual machines. If left empty, virtual machines will be deployed in their own Resource Groups. Default is the same Resource Group for DevTest Lab. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the lab. | -| `resourceGroupName` | string | The resource group the lab was deployed into. | -| `resourceId` | string | The resource ID of the lab. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | -| `uniqueIdentifier` | string | The unique identifier for the lab. 
Used to track tags that the lab applies to each resource that it creates. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/dev-test-lab.lab:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module lab './dev-test-lab/lab/main.bicep' = { +module lab 'br:bicep/modules/dev-test-lab.lab:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dtllcom' params: { // Required parameters @@ -626,14 +571,17 @@ module lab './dev-test-lab/lab/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module lab './dev-test-lab/lab/main.bicep' = { +module lab 'br:bicep/modules/dev-test-lab.lab:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dtllmin' params: { // Required parameters @@ -670,3 +618,275 @@ module lab './dev-test-lab/lab/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the lab. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`encryptionDiskEncryptionSetId`](#parameter-encryptiondiskencryptionsetid) | string | The Disk Encryption Set Resource ID used to encrypt OS and data disks created as part of the the lab. Required if encryptionType is set to "EncryptionAtRestWithCustomerKey". | +| [`notificationchannels`](#parameter-notificationchannels) | array | Notification Channels to create for the lab. Required if the schedules property "notificationSettingsStatus" is set to "Enabled. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`announcement`](#parameter-announcement) | object | The properties of any lab announcement associated with this lab. | +| [`artifactsources`](#parameter-artifactsources) | array | Artifact sources to create for the lab. | +| [`artifactsStorageAccount`](#parameter-artifactsstorageaccount) | string | The resource ID of the storage account used to store artifacts and images by the lab. Also used for defaultStorageAccount, defaultPremiumStorageAccount and premiumDataDiskStorageAccount properties. If left empty, a default storage account will be created by the lab and used. | +| [`browserConnect`](#parameter-browserconnect) | string | Enable browser connect on virtual machines if the lab's VNETs have configured Azure Bastion. | +| [`costs`](#parameter-costs) | object | Costs to create for the lab. | +| [`disableAutoUpgradeCseMinorVersion`](#parameter-disableautoupgradecseminorversion) | bool | Disable auto upgrade custom script extension minor version. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`encryptionType`](#parameter-encryptiontype) | string | Specify how OS and data disks created as part of the lab are encrypted. | +| [`environmentPermission`](#parameter-environmentpermission) | string | The access rights to be granted to the user when provisioning an environment. | +| [`extendedProperties`](#parameter-extendedproperties) | object | Extended properties of the lab used for experimental features. | +| [`isolateLabResources`](#parameter-isolatelabresources) | string | Enable lab resources isolation from the public internet. | +| [`labStorageType`](#parameter-labstoragetype) | string | Type of storage used by the lab. It can be either Premium or Standard. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managementIdentities`](#parameter-managementidentities) | object | The ID(s) to assign to the virtual machines associated with this lab. | +| [`mandatoryArtifactsResourceIdsLinux`](#parameter-mandatoryartifactsresourceidslinux) | array | The ordered list of artifact resource IDs that should be applied on all Linux VM creations by default, prior to the artifacts specified by the user. | +| [`mandatoryArtifactsResourceIdsWindows`](#parameter-mandatoryartifactsresourceidswindows) | array | The ordered list of artifact resource IDs that should be applied on all Windows VM creations by default, prior to the artifacts specified by the user. | +| [`policies`](#parameter-policies) | array | Policies to create for the lab. | +| [`premiumDataDisks`](#parameter-premiumdatadisks) | string | The setting to enable usage of premium data disks. When its value is "Enabled", creation of standard or premium data disks is allowed. When its value is "Disabled", only creation of standard data disks is allowed. Default is "Disabled". 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`schedules`](#parameter-schedules) | array | Schedules to create for the lab. | +| [`support`](#parameter-support) | object | The properties of any lab support message associated with this lab. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`virtualnetworks`](#parameter-virtualnetworks) | array | Virtual networks to create for the lab. | +| [`vmCreationResourceGroupId`](#parameter-vmcreationresourcegroupid) | string | Resource Group allocation for virtual machines. If left empty, virtual machines will be deployed in their own Resource Groups. Default is the same Resource Group for DevTest Lab. | + +### Parameter: `announcement` + +The properties of any lab announcement associated with this lab. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `artifactsources` + +Artifact sources to create for the lab. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `artifactsStorageAccount` + +The resource ID of the storage account used to store artifacts and images by the lab. Also used for defaultStorageAccount, defaultPremiumStorageAccount and premiumDataDiskStorageAccount properties. If left empty, a default storage account will be created by the lab and used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `browserConnect` + +Enable browser connect on virtual machines if the lab's VNETs have configured Azure Bastion. 
+- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `costs` + +Costs to create for the lab. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `disableAutoUpgradeCseMinorVersion` + +Disable auto upgrade custom script extension minor version. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `encryptionDiskEncryptionSetId` + +The Disk Encryption Set Resource ID used to encrypt OS and data disks created as part of the the lab. Required if encryptionType is set to "EncryptionAtRestWithCustomerKey". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `encryptionType` + +Specify how OS and data disks created as part of the lab are encrypted. +- Required: No +- Type: string +- Default: `'EncryptionAtRestWithPlatformKey'` +- Allowed: `[EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformKey]` + +### Parameter: `environmentPermission` + +The access rights to be granted to the user when provisioning an environment. +- Required: No +- Type: string +- Default: `'Reader'` +- Allowed: `[Contributor, Reader]` + +### Parameter: `extendedProperties` + +Extended properties of the lab used for experimental features. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `isolateLabResources` + +Enable lab resources isolation from the public internet. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `labStorageType` + +Type of storage used by the lab. It can be either Premium or Standard. +- Required: No +- Type: string +- Default: `'Premium'` +- Allowed: `[Premium, Standard, StandardSSD]` + +### Parameter: `location` + +Location for all Resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managementIdentities` + +The ID(s) to assign to the virtual machines associated with this lab. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `mandatoryArtifactsResourceIdsLinux` + +The ordered list of artifact resource IDs that should be applied on all Linux VM creations by default, prior to the artifacts specified by the user. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `mandatoryArtifactsResourceIdsWindows` + +The ordered list of artifact resource IDs that should be applied on all Windows VM creations by default, prior to the artifacts specified by the user. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The name of the lab. +- Required: Yes +- Type: string + +### Parameter: `notificationchannels` + +Notification Channels to create for the lab. Required if the schedules property "notificationSettingsStatus" is set to "Enabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `policies` + +Policies to create for the lab. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `premiumDataDisks` + +The setting to enable usage of premium data disks. When its value is "Enabled", creation of standard or premium data disks is allowed. When its value is "Disabled", only creation of standard data disks is allowed. Default is "Disabled". +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `schedules` + +Schedules to create for the lab. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `support` + +The properties of any lab support message associated with this lab. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualnetworks` + +Virtual networks to create for the lab. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `vmCreationResourceGroupId` + +Resource Group allocation for virtual machines. If left empty, virtual machines will be deployed in their own Resource Groups. Default is the same Resource Group for DevTest Lab. +- Required: No +- Type: string +- Default: `[resourceGroup().id]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the lab. | +| `resourceGroupName` | string | The resource group the lab was deployed into. | +| `resourceId` | string | The resource ID of the lab. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | +| `uniqueIdentifier` | string | The unique identifier for the lab. Used to track tags that the lab applies to each resource that it creates. | + +## Cross-referenced modules + +_None_ diff --git a/modules/dev-test-lab/lab/artifactsource/README.md b/modules/dev-test-lab/lab/artifactsource/README.md index 0318c83d13..26aa3c0d4f 100644 
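Review bot: In the new `### Parameter: labStorageType` section of `dev-test-lab/lab/README.md`, the description says "It can be either Premium or Standard." while the line below it lists `Allowed: [Premium, Standard, StandardSSD]`. Update the parameter description in the template so it matches the allowed values, then regenerate. Two smaller wording defects are carried into both the table and the per-parameter sections and should be fixed at the same source: "created as part of the the lab" (doubled "the") under `encryptionDiskEncryptionSetId`, and the missing closing quote in `is set to "Enabled.` under `notificationchannels`.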
--- a/modules/dev-test-lab/lab/artifactsource/README.md +++ b/modules/dev-test-lab/lab/artifactsource/README.md 
@@ -21,35 +21,118 @@ An artifact source allows you to create custom artifacts for the VMs in the lab, **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the artifact source. | -| `uri` | string | The artifact source's URI. | +| [`name`](#parameter-name) | string | The name of the artifact source. | +| [`uri`](#parameter-uri) | string | The artifact source's URI. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `armTemplateFolderPath` | string | `''` | The folder containing Azure Resource Manager templates. Required if "folderPath" is empty. | -| `folderPath` | string | `''` | The folder containing artifacts. At least one folder path is required. Required if "armTemplateFolderPath" is empty. | -| `labName` | string | | The name of the parent lab. Required if the template is used in a standalone deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`armTemplateFolderPath`](#parameter-armtemplatefolderpath) | string | The folder containing Azure Resource Manager templates. Required if "folderPath" is empty. | +| [`folderPath`](#parameter-folderpath) | string | The folder containing artifacts. At least one folder path is required. Required if "armTemplateFolderPath" is empty. | +| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `branchRef` | string | `''` | | The artifact source's branch reference (e.g. main or master). | -| `displayName` | string | `[parameters('name')]` | | The artifact source's display name. Default is the name of the artifact source. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `securityToken` | securestring | `''` | | The security token to authenticate to the artifact source. | -| `sourceType` | string | `''` | `['', GitHub, StorageAccount, VsoGit]` | The artifact source's type. | -| `status` | string | `'Enabled'` | `[Disabled, Enabled]` | Indicates if the artifact source is enabled (values: Enabled, Disabled). Default is "Enabled". | -| `tags` | object | `{object}` | | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`branchRef`](#parameter-branchref) | string | The artifact source's branch reference (e.g. main or master). | +| [`displayName`](#parameter-displayname) | string | The artifact source's display name. Default is the name of the artifact source. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`securityToken`](#parameter-securitytoken) | securestring | The security token to authenticate to the artifact source. | +| [`sourceType`](#parameter-sourcetype) | string | The artifact source's type. | +| [`status`](#parameter-status) | string | Indicates if the artifact source is enabled (values: Enabled, Disabled). Default is "Enabled". | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `armTemplateFolderPath` + +The folder containing Azure Resource Manager templates. Required if "folderPath" is empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `branchRef` + +The artifact source's branch reference (e.g. main or master). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The artifact source's display name. Default is the name of the artifact source. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `folderPath` + +The folder containing artifacts. At least one folder path is required. Required if "armTemplateFolderPath" is empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the artifact source. +- Required: Yes +- Type: string + +### Parameter: `securityToken` + +The security token to authenticate to the artifact source. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `sourceType` + +The artifact source's type. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', GitHub, StorageAccount, VsoGit]` + +### Parameter: `status` + +Indicates if the artifact source is enabled (values: Enabled, Disabled). Default is "Enabled". +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `uri` + +The artifact source's URI. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the artifact source. | | `resourceGroupName` | string | The name of the resource group the artifact source was created in. | diff --git a/modules/dev-test-lab/lab/artifactsource/main.json b/modules/dev-test-lab/lab/artifactsource/main.json index 9056139395..946b4a505a 100644 --- a/modules/dev-test-lab/lab/artifactsource/main.json +++ b/modules/dev-test-lab/lab/artifactsource/main.json 
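Review bot: The generated `Required:` line is inconsistent for conditional parameters in `artifactsource/README.md`: `labName` sits under **Conditional parameters** but its section says `Required: Yes`, while `armTemplateFolderPath` and `folderPath`, from the same table, say `Required: No`. The value appears to follow whether a default exists rather than the parameter's category. Consider having the generator emit a distinct value for conditional parameters, or repeat the condition next to the `Required:` line, so a reader who lands on the anchor directly does not conclude that `folderPath` can always be omitted or that `labName` must always be supplied.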
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "10765635521160351928" + "version": "0.22.6.54827", + "templateHash": "4180084937723506143" }, "name": "DevTest Lab Artifact Sources", "description": "This module deploys a DevTest Lab Artifact Source.\r\n\r\nAn artifact source allows you to create custom artifacts for the VMs in the lab, or use Azure Resource Manager templates to create a custom test environment. You must add a private Git repository for the artifacts or Resource Manager templates that your team creates. The repository can be hosted on GitHub or on Azure DevOps Services.", diff --git a/modules/dev-test-lab/lab/cost/README.md b/modules/dev-test-lab/lab/cost/README.md index 7ad70ef322..69d66fdbc7 100644 --- a/modules/dev-test-lab/lab/cost/README.md +++ b/modules/dev-test-lab/lab/cost/README.md 
@@ -21,42 +21,185 @@ Manage lab costs by setting a spending target that can be viewed in the Monthly **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `cycleType` | string | `[CalendarMonth, Custom]` | Reporting cycle type. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cycleType`](#parameter-cycletype) | string | Reporting cycle type. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cycleEndDateTime` | string | `''` | Reporting cycle end date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". | -| `cycleStartDateTime` | string | `''` | Reporting cycle start date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". | -| `labName` | string | | The name of the parent lab. Required if the template is used in a standalone deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cycleEndDateTime`](#parameter-cycleenddatetime) | string | Reporting cycle end date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". | +| [`cycleStartDateTime`](#parameter-cyclestartdatetime) | string | Reporting cycle start date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". | +| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `currencyCode` | string | `'USD'` | | The currency code of the cost. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `status` | string | `'Enabled'` | `[Disabled, Enabled]` | Target cost status. 
| -| `tags` | object | `{object}` | | Tags of the resource. | -| `target` | int | `0` | | Lab target cost (e.g. 100). The target cost will appear in the "Cost trend" chart to allow tracking lab spending relative to the target cost for the current reporting cycleSetting the target cost to 0 will disable all thresholds. | -| `thresholdValue100DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 100% display on chart. Indicates whether this threshold will be displayed on cost charts. | -| `thresholdValue100SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 100% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | -| `thresholdValue125DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 125% display on chart. Indicates whether this threshold will be displayed on cost charts. | -| `thresholdValue125SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 125% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | -| `thresholdValue25DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 25% display on chart. Indicates whether this threshold will be displayed on cost charts. | -| `thresholdValue25SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 25% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | -| `thresholdValue50DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 50% display on chart. Indicates whether this threshold will be displayed on cost charts. 
| -| `thresholdValue50SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 50% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | -| `thresholdValue75DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 75% display on chart. Indicates whether this threshold will be displayed on cost charts. | -| `thresholdValue75SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 75% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`currencyCode`](#parameter-currencycode) | string | The currency code of the cost. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`status`](#parameter-status) | string | Target cost status. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`target`](#parameter-target) | int | Lab target cost (e.g. 100). The target cost will appear in the "Cost trend" chart to allow tracking lab spending relative to the target cost for the current reporting cycleSetting the target cost to 0 will disable all thresholds. | +| [`thresholdValue100DisplayOnChart`](#parameter-thresholdvalue100displayonchart) | string | Target Cost threshold at 100% display on chart. Indicates whether this threshold will be displayed on cost charts. | +| [`thresholdValue100SendNotificationWhenExceeded`](#parameter-thresholdvalue100sendnotificationwhenexceeded) | string | Target cost threshold at 100% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | +| [`thresholdValue125DisplayOnChart`](#parameter-thresholdvalue125displayonchart) | string | Target Cost threshold at 125% display on chart. 
Indicates whether this threshold will be displayed on cost charts. | +| [`thresholdValue125SendNotificationWhenExceeded`](#parameter-thresholdvalue125sendnotificationwhenexceeded) | string | Target cost threshold at 125% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | +| [`thresholdValue25DisplayOnChart`](#parameter-thresholdvalue25displayonchart) | string | Target Cost threshold at 25% display on chart. Indicates whether this threshold will be displayed on cost charts. | +| [`thresholdValue25SendNotificationWhenExceeded`](#parameter-thresholdvalue25sendnotificationwhenexceeded) | string | Target cost threshold at 25% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | +| [`thresholdValue50DisplayOnChart`](#parameter-thresholdvalue50displayonchart) | string | Target Cost threshold at 50% display on chart. Indicates whether this threshold will be displayed on cost charts. | +| [`thresholdValue50SendNotificationWhenExceeded`](#parameter-thresholdvalue50sendnotificationwhenexceeded) | string | Target cost threshold at 50% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | +| [`thresholdValue75DisplayOnChart`](#parameter-thresholdvalue75displayonchart) | string | Target Cost threshold at 75% display on chart. Indicates whether this threshold will be displayed on cost charts. | +| [`thresholdValue75SendNotificationWhenExceeded`](#parameter-thresholdvalue75sendnotificationwhenexceeded) | string | Target cost threshold at 75% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | + +### Parameter: `currencyCode` + +The currency code of the cost. +- Required: No +- Type: string +- Default: `'USD'` + +### Parameter: `cycleEndDateTime` + +Reporting cycle end date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). 
Required if cycleType is set to "Custom". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cycleStartDateTime` + +Reporting cycle start date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cycleType` + +Reporting cycle type. +- Required: Yes +- Type: string +- Allowed: `[CalendarMonth, Custom]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `status` + +Target cost status. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `target` + +Lab target cost (e.g. 100). The target cost will appear in the "Cost trend" chart to allow tracking lab spending relative to the target cost for the current reporting cycleSetting the target cost to 0 will disable all thresholds. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `thresholdValue100DisplayOnChart` + +Target Cost threshold at 100% display on chart. Indicates whether this threshold will be displayed on cost charts. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue100SendNotificationWhenExceeded` + +Target cost threshold at 100% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue125DisplayOnChart` + +Target Cost threshold at 125% display on chart. 
Indicates whether this threshold will be displayed on cost charts. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue125SendNotificationWhenExceeded` + +Target cost threshold at 125% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue25DisplayOnChart` + +Target Cost threshold at 25% display on chart. Indicates whether this threshold will be displayed on cost charts. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue25SendNotificationWhenExceeded` + +Target cost threshold at 25% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue50DisplayOnChart` + +Target Cost threshold at 50% display on chart. Indicates whether this threshold will be displayed on cost charts. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue50SendNotificationWhenExceeded` + +Target cost threshold at 50% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue75DisplayOnChart` + +Target Cost threshold at 75% display on chart. Indicates whether this threshold will be displayed on cost charts. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue75SendNotificationWhenExceeded` + +Target cost threshold at 75% send notification when exceeded. 
Indicates whether notifications will be sent when this threshold is exceeded. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the cost. | | `resourceGroupName` | string | The name of the resource group the cost was created in. | diff --git a/modules/dev-test-lab/lab/cost/main.json b/modules/dev-test-lab/lab/cost/main.json index 5c385935d5..89f70cfd1f 100644 --- a/modules/dev-test-lab/lab/cost/main.json +++ b/modules/dev-test-lab/lab/cost/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4166206931202072952" + "version": "0.22.6.54827", + "templateHash": "17587308196408831883" }, "name": "DevTest Lab Costs", "description": "This module deploys a DevTest Lab Cost.\r\n\r\nManage lab costs by setting a spending target that can be viewed in the Monthly Estimated Cost Trend chart. DevTest Labs can send a notification when spending reaches the specified target threshold.", diff --git a/modules/dev-test-lab/lab/main.json b/modules/dev-test-lab/lab/main.json index a8f2ba4948..a83a20dd30 100644 --- a/modules/dev-test-lab/lab/main.json +++ b/modules/dev-test-lab/lab/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11215744490422832347" + "version": "0.22.6.54827", + "templateHash": "12564230212135431557" }, "name": "DevTest Labs", "description": "This module deploys a DevTest Lab.", 
@@ -347,8 +347,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10585523023574394931" + "version": "0.22.6.54827", + "templateHash": "5213684482874022181" }, "name": "DevTest Lab Virtual Networks", "description": "This module deploys a DevTest Lab Virtual Network.\r\n\r\nLab virtual machines must be deployed into a virtual network. This resource type allows configuring the virtual network and subnet settings used for the lab virtual machines.", @@ -511,8 +511,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8971513022315177152" + "version": "0.22.6.54827", + "templateHash": "7402281637422771358" }, "name": "DevTest Lab Policy Sets Policies", "description": "This module deploys a DevTest Lab Policy Sets Policy.\r\n\r\nDevTest lab policies are used to modify the lab settings such as only allowing certain VM Size SKUs, marketplace image types, number of VMs allowed per user and other settings.", @@ -715,8 +715,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12263098724597801740" + "version": "0.22.6.54827", + "templateHash": "853057685884144049" }, "name": "DevTest Lab Schedules", "description": "This module deploys a DevTest Lab Schedule.\r\n\r\nLab schedules are used to modify the settings for auto-shutdown, auto-start for lab virtual machines.", @@ -929,8 +929,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17695938428337610065" + "version": "0.22.6.54827", + "templateHash": "7575060424945865003" }, "name": "DevTest Lab Notification Channels", "description": "This module deploys a DevTest Lab Notification Channel.\r\n\r\nNotification channels are used by the schedule resource type in order to send notifications or events to email addresses and/or webhooks.", 
@@ -1103,8 +1103,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9073888459731266435" + "version": "0.22.6.54827", + "templateHash": "4180084937723506143" }, "name": "DevTest Lab Artifact Sources", "description": "This module deploys a DevTest Lab Artifact Source.\r\n\r\nAn artifact source allows you to create custom artifacts for the VMs in the lab, or use Azure Resource Manager templates to create a custom test environment. You must add a private Git repository for the artifacts or Resource Manager templates that your team creates. The repository can be hosted on GitHub or on Azure DevOps Services.", @@ -1309,8 +1309,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15716544808866806342" + "version": "0.22.6.54827", + "templateHash": "17587308196408831883" }, "name": "DevTest Lab Costs", "description": "This module deploys a DevTest Lab Cost.\r\n\r\nManage lab costs by setting a spending target that can be viewed in the Monthly Estimated Cost Trend chart. DevTest Labs can send a notification when spending reaches the specified target threshold.", @@ -1636,8 +1636,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4976650846797191229" + "version": "0.22.6.54827", + "templateHash": "5435640009728678460" } }, "parameters": { diff --git a/modules/dev-test-lab/lab/notificationchannel/README.md b/modules/dev-test-lab/lab/notificationchannel/README.md index 432c8b1d1b..d78d419ad8 100644 --- a/modules/dev-test-lab/lab/notificationchannel/README.md +++ b/modules/dev-test-lab/lab/notificationchannel/README.md 
@@ -21,32 +21,94 @@ Notification channels are used by the schedule resource type in order to send no **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `events` | array | | The list of event for which this notification is enabled. | -| `name` | string | `[autoShutdown, costThreshold]` | The name of the notification channel. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`events`](#parameter-events) | array | The list of event for which this notification is enabled. | +| [`name`](#parameter-name) | string | The name of the notification channel. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `emailRecipient` | string | `''` | The email recipient to send notifications to (can be a list of semi-colon separated email addresses). Required if "webHookUrl" is empty. | -| `labName` | string | | The name of the parent lab. Required if the template is used in a standalone deployment. | -| `webHookUrl` | string | `''` | The webhook URL to which the notification will be sent. Required if "emailRecipient" is empty. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`emailRecipient`](#parameter-emailrecipient) | string | The email recipient to send notifications to (can be a list of semi-colon separated email addresses). Required if "webHookUrl" is empty. | +| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. | +| [`webHookUrl`](#parameter-webhookurl) | string | The webhook URL to which the notification will be sent. Required if "emailRecipient" is empty. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | Description of notification. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `notificationLocale` | string | `'en'` | The locale to use when sending a notification (fallback for unsupported languages is EN). | -| `tags` | object | `{object}` | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | Description of notification. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`notificationLocale`](#parameter-notificationlocale) | string | The locale to use when sending a notification (fallback for unsupported languages is EN). | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `description` + +Description of notification. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `emailRecipient` + +The email recipient to send notifications to (can be a list of semi-colon separated email addresses). Required if "webHookUrl" is empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `events` + +The list of event for which this notification is enabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the notification channel. +- Required: Yes +- Type: string +- Allowed: `[autoShutdown, costThreshold]` + +### Parameter: `notificationLocale` + +The locale to use when sending a notification (fallback for unsupported languages is EN). +- Required: No +- Type: string +- Default: `'en'` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `webHookUrl` + +The webhook URL to which the notification will be sent. 
Required if "emailRecipient" is empty. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the notification channel. | | `resourceGroupName` | string | The name of the resource group the notification channel was created in. | diff --git a/modules/dev-test-lab/lab/notificationchannel/main.json b/modules/dev-test-lab/lab/notificationchannel/main.json index 0a723cda14..6251464ffc 100644 --- a/modules/dev-test-lab/lab/notificationchannel/main.json +++ b/modules/dev-test-lab/lab/notificationchannel/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16877948453352231958" + "version": "0.22.6.54827", + "templateHash": "7575060424945865003" }, "name": "DevTest Lab Notification Channels", "description": "This module deploys a DevTest Lab Notification Channel.\r\n\r\nNotification channels are used by the schedule resource type in order to send notifications or events to email addresses and/or webhooks.", diff --git a/modules/dev-test-lab/lab/policyset/policy/README.md b/modules/dev-test-lab/lab/policyset/policy/README.md index fcf05efe7c..cc9746dea5 100644 --- a/modules/dev-test-lab/lab/policyset/policy/README.md +++ b/modules/dev-test-lab/lab/policyset/policy/README.md 
@@ -21,34 +21,109 @@ DevTest lab policies are used to modify the lab settings such as only allowing c **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `evaluatorType` | string | `[AllowedValuesPolicy, MaxValuePolicy]` | The evaluator type of the policy (i.e. AllowedValuesPolicy, MaxValuePolicy). | -| `factName` | string | `[EnvironmentTemplate, GalleryImage, LabPremiumVmCount, LabTargetCost, LabVmCount, LabVmSize, ScheduleEditPermission, UserOwnedLabPremiumVmCount, UserOwnedLabVmCount, UserOwnedLabVmCountInSubnet]` | The fact name of the policy. | -| `name` | string | | The name of the policy. | -| `threshold` | string | | The threshold of the policy (i.e. a number for MaxValuePolicy, and a JSON array of values for AllowedValuesPolicy). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`evaluatorType`](#parameter-evaluatortype) | string | The evaluator type of the policy (i.e. AllowedValuesPolicy, MaxValuePolicy). | +| [`factName`](#parameter-factname) | string | The fact name of the policy. | +| [`name`](#parameter-name) | string | The name of the policy. | +| [`threshold`](#parameter-threshold) | string | The threshold of the policy (i.e. a number for MaxValuePolicy, and a JSON array of values for AllowedValuesPolicy). | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `labName` | string | The name of the parent lab. Required if the template is used in a standalone deployment. | +| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | The description of the policy. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `factData` | string | `''` | | The fact data of the policy. | -| `policySetName` | string | `'default'` | | The name of the parent policy set. | -| `status` | string | `'Enabled'` | `[Disabled, Enabled]` | The status of the policy. | -| `tags` | object | `{object}` | | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description of the policy. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`factData`](#parameter-factdata) | string | The fact data of the policy. | +| [`policySetName`](#parameter-policysetname) | string | The name of the parent policy set. | +| [`status`](#parameter-status) | string | The status of the policy. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `description` + +The description of the policy. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `evaluatorType` + +The evaluator type of the policy (i.e. AllowedValuesPolicy, MaxValuePolicy). +- Required: Yes +- Type: string +- Allowed: `[AllowedValuesPolicy, MaxValuePolicy]` + +### Parameter: `factData` + +The fact data of the policy. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `factName` + +The fact name of the policy. +- Required: Yes +- Type: string +- Allowed: `[EnvironmentTemplate, GalleryImage, LabPremiumVmCount, LabTargetCost, LabVmCount, LabVmSize, ScheduleEditPermission, UserOwnedLabPremiumVmCount, UserOwnedLabVmCount, UserOwnedLabVmCountInSubnet]` + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the policy. +- Required: Yes +- Type: string + +### Parameter: `policySetName` + +The name of the parent policy set. +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `status` + +The status of the policy. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `threshold` + +The threshold of the policy (i.e. a number for MaxValuePolicy, and a JSON array of values for AllowedValuesPolicy). +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the policy. | | `resourceGroupName` | string | The name of the resource group the policy was created in. | diff --git a/modules/dev-test-lab/lab/policyset/policy/main.json b/modules/dev-test-lab/lab/policyset/policy/main.json index 5f4ddafad9..18e4b827e3 100644 --- a/modules/dev-test-lab/lab/policyset/policy/main.json +++ b/modules/dev-test-lab/lab/policyset/policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9961899772573814013" + "version": "0.22.6.54827", + "templateHash": "7402281637422771358" }, "name": "DevTest Lab Policy Sets Policies", "description": "This module deploys a DevTest Lab Policy Sets Policy.\r\n\r\nDevTest lab policies are used to modify the lab settings such as only allowing certain VM Size SKUs, marketplace image types, number of VMs allowed per user and other settings.", diff --git a/modules/dev-test-lab/lab/schedule/README.md b/modules/dev-test-lab/lab/schedule/README.md index 181ecedd78..5d197319c3 100644 --- a/modules/dev-test-lab/lab/schedule/README.md +++ b/modules/dev-test-lab/lab/schedule/README.md 
@@ -21,36 +21,128 @@ Lab schedules are used to modify the settings for auto-shutdown, auto-start for **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | `[LabVmAutoStart, LabVmsShutdown]` | The name of the schedule. | -| `taskType` | string | `[LabVmsShutdownTask, LabVmsStartupTask]` | The task type of the schedule (e.g. LabVmsShutdownTask, LabVmsStartupTask). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the schedule. | +| [`taskType`](#parameter-tasktype) | string | The task type of the schedule (e.g. LabVmsShutdownTask, LabVmsStartupTask). | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `labName` | string | The name of the parent lab. Required if the template is used in a standalone deployment. | +| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `dailyRecurrence` | object | `{object}` | | If the schedule will occur once each day of the week, specify the daily recurrence. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `hourlyRecurrence` | object | `{object}` | | If the schedule will occur multiple times a day, specify the hourly recurrence. | -| `notificationSettingsStatus` | string | `'Disabled'` | `[Disabled, Enabled]` | If notifications are enabled for this schedule (i.e. Enabled, Disabled). | -| `notificationSettingsTimeInMinutes` | int | `30` | | Time in minutes before event at which notification will be sent. Optional if "notificationSettingsStatus" is set to "Enabled". Default is 30 minutes. 
| -| `status` | string | `'Enabled'` | `[Disabled, Enabled]` | The status of the schedule (i.e. Enabled, Disabled). | -| `tags` | object | `{object}` | | Tags of the resource. | -| `targetResourceId` | string | `''` | | The resource ID to which the schedule belongs. | -| `timeZoneId` | string | `'Pacific Standard time'` | | The time zone ID (e.g. Pacific Standard time). | -| `weeklyRecurrence` | object | `{object}` | | If the schedule will occur only some days of the week, specify the weekly recurrence. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`dailyRecurrence`](#parameter-dailyrecurrence) | object | If the schedule will occur once each day of the week, specify the daily recurrence. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`hourlyRecurrence`](#parameter-hourlyrecurrence) | object | If the schedule will occur multiple times a day, specify the hourly recurrence. | +| [`notificationSettingsStatus`](#parameter-notificationsettingsstatus) | string | If notifications are enabled for this schedule (i.e. Enabled, Disabled). | +| [`notificationSettingsTimeInMinutes`](#parameter-notificationsettingstimeinminutes) | int | Time in minutes before event at which notification will be sent. Optional if "notificationSettingsStatus" is set to "Enabled". Default is 30 minutes. | +| [`status`](#parameter-status) | string | The status of the schedule (i.e. Enabled, Disabled). | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`targetResourceId`](#parameter-targetresourceid) | string | The resource ID to which the schedule belongs. | +| [`timeZoneId`](#parameter-timezoneid) | string | The time zone ID (e.g. Pacific Standard time). | +| [`weeklyRecurrence`](#parameter-weeklyrecurrence) | object | If the schedule will occur only some days of the week, specify the weekly recurrence. 
| + +### Parameter: `dailyRecurrence` + +If the schedule will occur once each day of the week, specify the daily recurrence. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hourlyRecurrence` + +If the schedule will occur multiple times a day, specify the hourly recurrence. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the schedule. +- Required: Yes +- Type: string +- Allowed: `[LabVmAutoStart, LabVmsShutdown]` + +### Parameter: `notificationSettingsStatus` + +If notifications are enabled for this schedule (i.e. Enabled, Disabled). +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `notificationSettingsTimeInMinutes` + +Time in minutes before event at which notification will be sent. Optional if "notificationSettingsStatus" is set to "Enabled". Default is 30 minutes. +- Required: No +- Type: int +- Default: `30` + +### Parameter: `status` + +The status of the schedule (i.e. Enabled, Disabled). +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `targetResourceId` + +The resource ID to which the schedule belongs. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `taskType` + +The task type of the schedule (e.g. LabVmsShutdownTask, LabVmsStartupTask). +- Required: Yes +- Type: string +- Allowed: `[LabVmsShutdownTask, LabVmsStartupTask]` + +### Parameter: `timeZoneId` + +The time zone ID (e.g. Pacific Standard time). 
+- Required: No +- Type: string +- Default: `'Pacific Standard time'` + +### Parameter: `weeklyRecurrence` + +If the schedule will occur only some days of the week, specify the weekly recurrence. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the schedule. | | `resourceGroupName` | string | The name of the resource group the schedule was created in. | diff --git a/modules/dev-test-lab/lab/schedule/main.json b/modules/dev-test-lab/lab/schedule/main.json index a4efd42401..96c2fa8537 100644 --- a/modules/dev-test-lab/lab/schedule/main.json +++ b/modules/dev-test-lab/lab/schedule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12427678703978539260" + "version": "0.22.6.54827", + "templateHash": "853057685884144049" }, "name": "DevTest Lab Schedules", "description": "This module deploys a DevTest Lab Schedule.\r\n\r\nLab schedules are used to modify the settings for auto-shutdown, auto-start for lab virtual machines.", diff --git a/modules/dev-test-lab/lab/virtualnetwork/README.md b/modules/dev-test-lab/lab/virtualnetwork/README.md index cb4f24b6dd..c2eaf8a2bc 100644 --- a/modules/dev-test-lab/lab/virtualnetwork/README.md +++ b/modules/dev-test-lab/lab/virtualnetwork/README.md 
@@ -21,31 +21,84 @@ Lab virtual machines must be deployed into a virtual network. This resource type **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `externalProviderResourceId` | string | The resource ID of the virtual network. | -| `name` | string | The name of the virtual network. | +| [`externalProviderResourceId`](#parameter-externalproviderresourceid) | string | The resource ID of the virtual network. | +| [`name`](#parameter-name) | string | The name of the virtual network. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `labName` | string | The name of the parent lab. Required if the template is used in a standalone deployment. | +| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `allowedSubnets` | array | `[]` | The allowed subnets of the virtual network. | -| `description` | string | `''` | The description of the virtual network. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `subnetOverrides` | array | `[]` | The subnet overrides of the virtual network. | -| `tags` | object | `{object}` | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowedSubnets`](#parameter-allowedsubnets) | array | The allowed subnets of the virtual network. | +| [`description`](#parameter-description) | string | The description of the virtual network. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`subnetOverrides`](#parameter-subnetoverrides) | array | The subnet overrides of the virtual network. 
| +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `allowedSubnets` + +The allowed subnets of the virtual network. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +The description of the virtual network. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `externalProviderResourceId` + +The resource ID of the virtual network. +- Required: Yes +- Type: string + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the virtual network. +- Required: Yes +- Type: string + +### Parameter: `subnetOverrides` + +The subnet overrides of the virtual network. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the lab virtual network. | | `resourceGroupName` | string | The name of the resource group the lab virtual network was created in. | diff --git a/modules/dev-test-lab/lab/virtualnetwork/main.json b/modules/dev-test-lab/lab/virtualnetwork/main.json index 1449aed564..71e0cb54e5 100644 --- a/modules/dev-test-lab/lab/virtualnetwork/main.json +++ b/modules/dev-test-lab/lab/virtualnetwork/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3541849489263903716" + "version": "0.22.6.54827", + "templateHash": "5213684482874022181" }, "name": "DevTest Lab Virtual Networks", "description": "This module deploys a DevTest Lab Virtual Network.\r\n\r\nLab virtual machines must be deployed into a virtual network. This resource type allows configuring the virtual network and subnet settings used for the lab virtual machines.", diff --git a/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep b/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep index 73b4bd8fae..fceb1ad4b6 100644 --- a/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep +++ b/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/digital-twins/digital-twins-instance/.test/min/main.test.bicep b/modules/digital-twins/digital-twins-instance/.test/min/main.test.bicep index e923ca1679..f970096185 100644 --- a/modules/digital-twins/digital-twins-instance/.test/min/main.test.bicep +++ b/modules/digital-twins/digital-twins-instance/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/digital-twins/digital-twins-instance/README.md b/modules/digital-twins/digital-twins-instance/README.md index b7fd3b5123..7c92db6dec 100644 --- a/modules/digital-twins/digital-twins-instance/README.md +++ b/modules/digital-twins/digital-twins-instance/README.md 
@@ -5,10 +5,10 @@ This module deploys an Azure Digital Twins Instance. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -23,72 +23,28 @@ This module deploys an Azure Digital Twins Instance. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Digital Twin Instance. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DataHistoryOperation, DigitalTwinsOperation, EventRoutesOperation, ModelsOperation, QueryOperation, ResourceProviderOperation]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `eventGridEndpoint` | object | `{object}` | | Event Grid Endpoint. | -| `eventHubEndpoint` | object | `{object}` | | Event Hub Endpoint. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serviceBusEndpoint` | object | `{object}` | | Service Bus Endpoint. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Resource tags. 
| -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `hostname` | string | The hostname of the Digital Twins Instance. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Digital Twins Instance. | -| `resourceGroupName` | string | The name of the resource group the resource was created in. | -| `resourceId` | string | The resource ID of the Digital Twins Instance. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/digital-twins.digital-twins-instance:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module digitalTwinsInstance './digital-twins/digital-twins-instance/main.bicep' = { +module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instance:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dtdticom' params: { // Required parameters @@ -248,14 +204,17 @@ module digitalTwinsInstance './digital-twins/digital-twins-instance/main.bicep'

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module digitalTwinsInstance './digital-twins/digital-twins-instance/main.bicep' = { +module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instance:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dtdtimin' params: { // Required parameters @@ -292,3 +251,198 @@ module digitalTwinsInstance './digital-twins/digital-twins-instance/main.bicep'

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Digital Twin Instance. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`eventGridEndpoint`](#parameter-eventgridendpoint) | object | Event Grid Endpoint. | +| [`eventHubEndpoint`](#parameter-eventhubendpoint) | object | Event Hub Endpoint. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`serviceBusEndpoint`](#parameter-servicebusendpoint) | object | Service Bus Endpoint. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Resource tags. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DataHistoryOperation, DigitalTwinsOperation, EventRoutesOperation, ModelsOperation, QueryOperation, ResourceProviderOperation]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. +- Required: No +- Type: string +- Default: `[format('{0}-diagnosticSettings', parameters('name'))]` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventGridEndpoint` + +Event Grid Endpoint. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `eventHubEndpoint` + +Event Hub Endpoint. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Digital Twin Instance. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceBusEndpoint` + +Service Bus Endpoint. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Resource tags. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `hostname` | string | The hostname of the Digital Twins Instance. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Digital Twins Instance. | +| `resourceGroupName` | string | The name of the resource group the resource was created in. | +| `resourceId` | string | The resource ID of the Digital Twins Instance. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md b/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md index 70a63cb0a6..0b66892ffa 100644 --- a/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md +++ b/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md 
@@ -19,30 +19,76 @@ This module deploys a Digital Twins Instance Event Grid Endpoint. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `eventGridDomainResourceId` | string | The resource ID of the Event Grid to get access keys from. | -| `topicEndpoint` | string | EventGrid Topic Endpoint. | +| [`eventGridDomainResourceId`](#parameter-eventgriddomainresourceid) | string | The resource ID of the Event Grid to get access keys from. | +| [`topicEndpoint`](#parameter-topicendpoint) | string | EventGrid Topic Endpoint. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `digitalTwinInstanceName` | string | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. | +| [`digitalTwinInstanceName`](#parameter-digitaltwininstancename) | string | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `deadLetterSecret` | securestring | `''` | Dead letter storage secret for key-based authentication. Will be obfuscated during read. | -| `deadLetterUri` | string | `''` | Dead letter storage URL for identity-based authentication. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'EventGridEndpoint'` | The name of the Digital Twin Endpoint. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`deadLetterSecret`](#parameter-deadlettersecret) | securestring | Dead letter storage secret for key-based authentication. Will be obfuscated during read. | +| [`deadLetterUri`](#parameter-deadletteruri) | string | Dead letter storage URL for identity-based authentication. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. | + +### Parameter: `deadLetterSecret` + +Dead letter storage secret for key-based authentication. Will be obfuscated during read. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `deadLetterUri` + +Dead letter storage URL for identity-based authentication. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `digitalTwinInstanceName` + +The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventGridDomainResourceId` + +The resource ID of the Event Grid to get access keys from. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the Digital Twin Endpoint. +- Required: No +- Type: string +- Default: `'EventGridEndpoint'` + +### Parameter: `topicEndpoint` + +EventGrid Topic Endpoint. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Endpoint. | | `resourceGroupName` | string | The name of the resource group the resource was created in. | diff --git a/modules/digital-twins/digital-twins-instance/endpoint--event-hub/README.md b/modules/digital-twins/digital-twins-instance/endpoint--event-hub/README.md index 89cb8b96b9..ea2990793c 100644 --- a/modules/digital-twins/digital-twins-instance/endpoint--event-hub/README.md +++ b/modules/digital-twins/digital-twins-instance/endpoint--event-hub/README.md 
@@ -19,30 +19,114 @@ This module deploys a Digital Twins Instance EventHub Endpoint. **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `connectionStringPrimaryKey` | securestring | `''` | PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". | -| `digitalTwinInstanceName` | string | | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`connectionStringPrimaryKey`](#parameter-connectionstringprimarykey) | securestring | PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". | +| [`digitalTwinInstanceName`](#parameter-digitaltwininstancename) | string | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authenticationType` | string | `'IdentityBased'` | `[IdentityBased, KeyBased]` | Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. | -| `connectionStringSecondaryKey` | securestring | `''` | | SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". | -| `deadLetterSecret` | securestring | `''` | | Dead letter storage secret for key-based authentication. Will be obfuscated during read. 
| -| `deadLetterUri` | string | `''` | | Dead letter storage URL for identity-based authentication. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `endpointUri` | string | `''` | | The URL of the EventHub namespace for identity-based authentication. It must include the protocol 'sb://' (i.e. sb://xyz.servicebus.windows.net). | -| `entityPath` | string | `''` | | The EventHub name in the EventHub namespace for identity-based authentication. | -| `name` | string | `'EventHubEndpoint'` | | The name of the Digital Twin Endpoint. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `userAssignedIdentity` | string | `''` | | The ID to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authenticationType`](#parameter-authenticationtype) | string | Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. | +| [`connectionStringSecondaryKey`](#parameter-connectionstringsecondarykey) | securestring | SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". | +| [`deadLetterSecret`](#parameter-deadlettersecret) | securestring | Dead letter storage secret for key-based authentication. Will be obfuscated during read. | +| [`deadLetterUri`](#parameter-deadletteruri) | string | Dead letter storage URL for identity-based authentication. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`endpointUri`](#parameter-endpointuri) | string | The URL of the EventHub namespace for identity-based authentication. 
It must include the protocol 'sb://' (i.e. sb://xyz.servicebus.windows.net). | +| [`entityPath`](#parameter-entitypath) | string | The EventHub name in the EventHub namespace for identity-based authentication. | +| [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedIdentity`](#parameter-userassignedidentity) | string | The ID to assign to the resource. | + +### Parameter: `authenticationType` + +Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. +- Required: No +- Type: string +- Default: `'IdentityBased'` +- Allowed: `[IdentityBased, KeyBased]` + +### Parameter: `connectionStringPrimaryKey` + +PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `connectionStringSecondaryKey` + +SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `deadLetterSecret` + +Dead letter storage secret for key-based authentication. Will be obfuscated during read. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `deadLetterUri` + +Dead letter storage URL for identity-based authentication. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `digitalTwinInstanceName` + +The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endpointUri` + +The URL of the EventHub namespace for identity-based authentication. It must include the protocol 'sb://' (i.e. sb://xyz.servicebus.windows.net). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `entityPath` + +The EventHub name in the EventHub namespace for identity-based authentication. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the Digital Twin Endpoint. +- Required: No +- Type: string +- Default: `'EventHubEndpoint'` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `userAssignedIdentity` + +The ID to assign to the resource. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Endpoint. | | `resourceGroupName` | string | The name of the resource group the resource was created in. | diff --git a/modules/digital-twins/digital-twins-instance/endpoint--service-bus/README.md b/modules/digital-twins/digital-twins-instance/endpoint--service-bus/README.md index 3f448d3791..eeae357cd9 100644 --- a/modules/digital-twins/digital-twins-instance/endpoint--service-bus/README.md +++ b/modules/digital-twins/digital-twins-instance/endpoint--service-bus/README.md 
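Review bot: In the EventHub endpoint README hunk, the new `### Parameter: connectionStringPrimaryKey` section says `- Required: No`, although the same parameter is listed under **Conditional parameters** and its description says it is required when `authenticationType` is "KeyBased"; `digitalTwinInstanceName`, also conditional, is rendered as `- Required: Yes`. The per-parameter sections appear to derive the flag from whether a default exists, which drops the conditional category. Suggest emitting a third value (for example `Required: Conditional`) or omitting the flag for conditional parameters, so a reader who lands on the anchor does not conclude that a key-based endpoint can be deployed without the connection string.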
@@ -19,30 +19,114 @@ This module deploys a Digital Twins Instance ServiceBus Endpoint. **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `digitalTwinInstanceName` | string | | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. | -| `primaryConnectionString` | securestring | `''` | PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`digitalTwinInstanceName`](#parameter-digitaltwininstancename) | string | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. | +| [`primaryConnectionString`](#parameter-primaryconnectionstring) | securestring | PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authenticationType` | string | `'IdentityBased'` | `[IdentityBased, KeyBased]` | Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. | -| `deadLetterSecret` | securestring | `''` | | Dead letter storage secret for key-based authentication. Will be obfuscated during read. | -| `deadLetterUri` | string | `''` | | Dead letter storage URL for identity-based authentication. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). 
| -| `endpointUri` | string | `''` | | The URL of the ServiceBus namespace for identity-based authentication. It must include the protocol 'sb://' (e.g. sb://xyz.servicebus.windows.net). | -| `entityPath` | string | `''` | | The ServiceBus Topic name for identity-based authentication. | -| `name` | string | `'ServiceBusEndpoint'` | | The name of the Digital Twin Endpoint. | -| `secondaryConnectionString` | securestring | `''` | | SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `userAssignedIdentity` | string | `''` | | The ID to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authenticationType`](#parameter-authenticationtype) | string | Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. | +| [`deadLetterSecret`](#parameter-deadlettersecret) | securestring | Dead letter storage secret for key-based authentication. Will be obfuscated during read. | +| [`deadLetterUri`](#parameter-deadletteruri) | string | Dead letter storage URL for identity-based authentication. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`endpointUri`](#parameter-endpointuri) | string | The URL of the ServiceBus namespace for identity-based authentication. It must include the protocol 'sb://' (e.g. sb://xyz.servicebus.windows.net). | +| [`entityPath`](#parameter-entitypath) | string | The ServiceBus Topic name for identity-based authentication. 
| +| [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. | +| [`secondaryConnectionString`](#parameter-secondaryconnectionstring) | securestring | SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedIdentity`](#parameter-userassignedidentity) | string | The ID to assign to the resource. | + +### Parameter: `authenticationType` + +Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. +- Required: No +- Type: string +- Default: `'IdentityBased'` +- Allowed: `[IdentityBased, KeyBased]` + +### Parameter: `deadLetterSecret` + +Dead letter storage secret for key-based authentication. Will be obfuscated during read. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `deadLetterUri` + +Dead letter storage URL for identity-based authentication. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `digitalTwinInstanceName` + +The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endpointUri` + +The URL of the ServiceBus namespace for identity-based authentication. It must include the protocol 'sb://' (e.g. sb://xyz.servicebus.windows.net). 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `entityPath` + +The ServiceBus Topic name for identity-based authentication. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the Digital Twin Endpoint. +- Required: No +- Type: string +- Default: `'ServiceBusEndpoint'` + +### Parameter: `primaryConnectionString` + +PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `secondaryConnectionString` + +SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `userAssignedIdentity` + +The ID to assign to the resource. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Endpoint. | | `resourceGroupName` | string | The name of the resource group the resource was created in. | diff --git a/modules/document-db/database-account/README.md b/modules/document-db/database-account/README.md index 3eea1daa41..69a8c77859 100644 --- a/modules/document-db/database-account/README.md +++ b/modules/document-db/database-account/README.md @@ -5,10 +5,10 @@ This module deploys a DocumentDB Database Account. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
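Review bot: In the Navigation hunk of `modules/document-db/database-account/README.md`, the added entry links to `#Usage-examples` with a capital letter, while the parameter links generated elsewhere in this change use lowercase fragments such as `#parameter-authenticationtype`. Many Markdown renderers match fragments case-sensitively against lowercase heading ids, so generating the navigation fragments in lowercase as well (`#usage-examples`) would keep these links working wherever the README is rendered.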
@@ -27,85 +27,27 @@ This module deploys a DocumentDB Database Account. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `locations` | array | Locations enabled for the Cosmos DB account. | -| `name` | string | Name of the Database Account. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `automaticFailover` | bool | `True` | | Enable automatic failover for regions. | -| `backupIntervalInMinutes` | int | `240` | | An integer representing the interval in minutes between two backups. Only applies to periodic backup type. | -| `backupPolicyContinuousTier` | string | `'Continuous30Days'` | `[Continuous30Days, Continuous7Days]` | Configuration values for continuous mode backup. | -| `backupPolicyType` | string | `'Continuous'` | `[Continuous, Periodic]` | Describes the mode of backups. | -| `backupRetentionIntervalInHours` | int | `8` | | An integer representing the time (in hours) that each backup is retained. Only applies to periodic backup type. | -| `backupStorageRedundancy` | string | `'Local'` | `[Geo, Local, Zone]` | Enum to indicate type of backup residency. Only applies to periodic backup type. | -| `capabilitiesToAdd` | array | `[]` | `[DisableRateLimitingResponses, EnableCassandra, EnableGremlin, EnableMongo, EnableServerless, EnableTable]` | List of Cosmos DB capabilities for the account. | -| `databaseAccountOfferType` | string | `'Standard'` | `[Standard]` | The offer type for the Cosmos DB database account. 
| -| `defaultConsistencyLevel` | string | `'Session'` | `[BoundedStaleness, ConsistentPrefix, Eventual, Session, Strong]` | The default consistency level of the Cosmos DB account. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, CassandraRequests, ControlPlaneRequests, DataPlaneRequests, GremlinRequests, MongoRequests, PartitionKeyRUConsumption, PartitionKeyStatistics, QueryRuntimeStatistics, TableApiRequests]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[Requests]` | `[Requests]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableFreeTier` | bool | `False` | | Flag to indicate whether Free Tier is enabled. | -| `gremlinDatabases` | array | `[]` | | Gremlin Databases configurations. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxIntervalInSeconds` | int | `300` | | Max lag time (minutes). Required for BoundedStaleness. 
Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400. | -| `maxStalenessPrefix` | int | `100000` | | Max stale requests. Required for BoundedStaleness. Valid ranges, Single Region: 10 to 1000000. Multi Region: 100000 to 1000000. | -| `mongodbDatabases` | array | `[]` | | MongoDB Databases configurations. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serverVersion` | string | `'4.2'` | `[3.2, 3.6, 4.0, 4.2]` | Specifies the MongoDB server version to use. | -| `sqlDatabases` | array | `[]` | | SQL Databases configurations. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the Database Account resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the database account. | -| `resourceGroupName` | string | The name of the resource group the database account was created in. | -| `resourceId` | string | The resource ID of the database account. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. 
| - -## Cross-referenced modules +## Usage examples -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Deployment examples +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/document-db.database-account:1.0.0`. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +- [Gremlindb](#example-1-gremlindb) +- [Mongodb](#example-2-mongodb) +- [Plain](#example-3-plain) +- [Sqldb](#example-4-sqldb) - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Gremlindb

+### Example 1: _Gremlindb_
via Bicep module ```bicep -module databaseAccount './document-db/database-account/main.bicep' = { +module databaseAccount 'br:bicep/modules/document-db.database-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dddagrm' params: { // Required parameters @@ -331,14 +273,14 @@ module databaseAccount './document-db/database-account/main.bicep' = {

-

Example 2: Mongodb

+### Example 2: _Mongodb_
via Bicep module ```bicep -module databaseAccount './document-db/database-account/main.bicep' = { +module databaseAccount 'br:bicep/modules/document-db.database-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dddamng' params: { // Required parameters @@ -828,14 +770,14 @@ module databaseAccount './document-db/database-account/main.bicep' = {

-

Example 3: Plain

+### Example 3: _Plain_
via Bicep module ```bicep -module databaseAccount './document-db/database-account/main.bicep' = { +module databaseAccount 'br:bicep/modules/document-db.database-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dddapln' params: { // Required parameters @@ -951,14 +893,14 @@ module databaseAccount './document-db/database-account/main.bicep' = {

-

Example 4: Sqldb

+### Example 4: _Sqldb_
via Bicep module ```bicep -module databaseAccount './document-db/database-account/main.bicep' = { +module databaseAccount 'br:bicep/modules/document-db.database-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dddasql' params: { // Required parameters @@ -1269,3 +1211,307 @@ module databaseAccount './document-db/database-account/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`locations`](#parameter-locations) | array | Locations enabled for the Cosmos DB account. | +| [`name`](#parameter-name) | string | Name of the Database Account. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`automaticFailover`](#parameter-automaticfailover) | bool | Enable automatic failover for regions. | +| [`backupIntervalInMinutes`](#parameter-backupintervalinminutes) | int | An integer representing the interval in minutes between two backups. Only applies to periodic backup type. | +| [`backupPolicyContinuousTier`](#parameter-backuppolicycontinuoustier) | string | Configuration values for continuous mode backup. | +| [`backupPolicyType`](#parameter-backuppolicytype) | string | Describes the mode of backups. | +| [`backupRetentionIntervalInHours`](#parameter-backupretentionintervalinhours) | int | An integer representing the time (in hours) that each backup is retained. Only applies to periodic backup type. | +| [`backupStorageRedundancy`](#parameter-backupstorageredundancy) | string | Enum to indicate type of backup residency. Only applies to periodic backup type. | +| [`capabilitiesToAdd`](#parameter-capabilitiestoadd) | array | List of Cosmos DB capabilities for the account. | +| [`databaseAccountOfferType`](#parameter-databaseaccountoffertype) | string | The offer type for the Cosmos DB database account. | +| [`defaultConsistencyLevel`](#parameter-defaultconsistencylevel) | string | The default consistency level of the Cosmos DB account. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableFreeTier`](#parameter-enablefreetier) | bool | Flag to indicate whether Free Tier is enabled. | +| [`gremlinDatabases`](#parameter-gremlindatabases) | array | Gremlin Databases configurations. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maxIntervalInSeconds`](#parameter-maxintervalinseconds) | int | Max lag time (minutes). Required for BoundedStaleness. Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400. | +| [`maxStalenessPrefix`](#parameter-maxstalenessprefix) | int | Max stale requests. Required for BoundedStaleness. Valid ranges, Single Region: 10 to 1000000. Multi Region: 100000 to 1000000. | +| [`mongodbDatabases`](#parameter-mongodbdatabases) | array | MongoDB Databases configurations. 
| +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`serverVersion`](#parameter-serverversion) | string | Specifies the MongoDB server version to use. | +| [`sqlDatabases`](#parameter-sqldatabases) | array | SQL Databases configurations. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the Database Account resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `automaticFailover` + +Enable automatic failover for regions. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `backupIntervalInMinutes` + +An integer representing the interval in minutes between two backups. Only applies to periodic backup type. +- Required: No +- Type: int +- Default: `240` + +### Parameter: `backupPolicyContinuousTier` + +Configuration values for continuous mode backup. +- Required: No +- Type: string +- Default: `'Continuous30Days'` +- Allowed: `[Continuous30Days, Continuous7Days]` + +### Parameter: `backupPolicyType` + +Describes the mode of backups. 
+- Required: No +- Type: string +- Default: `'Continuous'` +- Allowed: `[Continuous, Periodic]` + +### Parameter: `backupRetentionIntervalInHours` + +An integer representing the time (in hours) that each backup is retained. Only applies to periodic backup type. +- Required: No +- Type: int +- Default: `8` + +### Parameter: `backupStorageRedundancy` + +Enum to indicate type of backup residency. Only applies to periodic backup type. +- Required: No +- Type: string +- Default: `'Local'` +- Allowed: `[Geo, Local, Zone]` + +### Parameter: `capabilitiesToAdd` + +List of Cosmos DB capabilities for the account. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[DisableRateLimitingResponses, EnableCassandra, EnableGremlin, EnableMongo, EnableServerless, EnableTable]` + +### Parameter: `databaseAccountOfferType` + +The offer type for the Cosmos DB database account. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Standard]` + +### Parameter: `defaultConsistencyLevel` + +The default consistency level of the Cosmos DB account. +- Required: No +- Type: string +- Default: `'Session'` +- Allowed: `[BoundedStaleness, ConsistentPrefix, Eventual, Session, Strong]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
+- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, CassandraRequests, ControlPlaneRequests, DataPlaneRequests, GremlinRequests, MongoRequests, PartitionKeyRUConsumption, PartitionKeyStatistics, QueryRuntimeStatistics, TableApiRequests]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[Requests]` +- Allowed: `[Requests]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableFreeTier` + +Flag to indicate whether Free Tier is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `gremlinDatabases` + +Gremlin Databases configurations. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `locations` + +Locations enabled for the Cosmos DB account. +- Required: Yes +- Type: array + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maxIntervalInSeconds` + +Max lag time (minutes). Required for BoundedStaleness. Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400. +- Required: No +- Type: int +- Default: `300` + +### Parameter: `maxStalenessPrefix` + +Max stale requests. 
Required for BoundedStaleness. Valid ranges, Single Region: 10 to 1000000. Multi Region: 100000 to 1000000. +- Required: No +- Type: int +- Default: `100000` + +### Parameter: `mongodbDatabases` + +MongoDB Databases configurations. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +Name of the Database Account. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serverVersion` + +Specifies the MongoDB server version to use. +- Required: No +- Type: string +- Default: `'4.2'` +- Allowed: `[3.2, 3.6, 4.0, 4.2]` + +### Parameter: `sqlDatabases` + +SQL Databases configurations. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the Database Account resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the database account. 
| +| `resourceGroupName` | string | The name of the resource group the database account was created in. | +| `resourceId` | string | The resource ID of the database account. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/document-db/database-account/gremlin-database/README.md b/modules/document-db/database-account/gremlin-database/README.md index bd2d6e6b59..4a715c8f19 100644 --- a/modules/document-db/database-account/gremlin-database/README.md +++ b/modules/document-db/database-account/gremlin-database/README.md 
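Review bot: In the `## Usage examples` hunk of the database-account README (`@@ -27,85 +27,27 @@`), the added note and the first example now use `br:bicep/modules/document-db.database-account:1.0.0`, which reads as a registry literally named `bicep` with the version fixed at `1.0.0`, and nothing in the text says either part is a placeholder. Suggest stating that the registry and version must be replaced with the consumer's own registry and the published version, or generating the real values, so nobody copies a reference that does not resolve or that points at a registry they do not control. The same `+module` line appears in the three later example hunks.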
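Review bot: In the re-added `### Parameter: maxIntervalInSeconds` section (`@@ -1269,3 +1211,307 @@`), the description still reads "Max lag time (minutes)" for a parameter measured in seconds, and the single-region upper bound `84600` differs from the multi-region `86400` in a way that looks like transposed digits. Since this README is generated, the fix belongs in the parameter description of the module template; please verify the range there and regenerate. The Cross-referenced modules paragraph in the same hunk also still says "other CARML modules", while the contribution guide in this change now refers to the AVM library.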
@@ -21,32 +21,93 @@ This module deploys a Gremlin Database within a CosmosDB Account. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the Gremlin database. | +| [`name`](#parameter-name) | string | Name of the Gremlin database. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseAccountName` | string | The name of the parent Gremlin database. Required if the template is used in a standalone deployment. | +| [`databaseAccountName`](#parameter-databaseaccountname) | string | The name of the parent Gremlin database. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `graphs` | array | `[]` | Array of graphs to deploy in the Gremlin database. | -| `maxThroughput` | int | `4000` | Represents maximum throughput, the resource can scale up to. Cannot be set together with `throughput`. If `throughput` is set to something else than -1, this autoscale setting is ignored. | -| `systemAssignedIdentity` | bool | `False` | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | Tags of the Gremlin database resource. | -| `throughput` | int | `-1` | Request Units per second (for example 10000). Cannot be set together with `maxThroughput`. | -| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`graphs`](#parameter-graphs) | array | Array of graphs to deploy in the Gremlin database. 
| +| [`maxThroughput`](#parameter-maxthroughput) | int | Represents maximum throughput, the resource can scale up to. Cannot be set together with `throughput`. If `throughput` is set to something else than -1, this autoscale setting is ignored. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the Gremlin database resource. | +| [`throughput`](#parameter-throughput) | int | Request Units per second (for example 10000). Cannot be set together with `maxThroughput`. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `databaseAccountName` + +The name of the parent Gremlin database. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `graphs` + +Array of graphs to deploy in the Gremlin database. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `maxThroughput` + +Represents maximum throughput, the resource can scale up to. Cannot be set together with `throughput`. If `throughput` is set to something else than -1, this autoscale setting is ignored. +- Required: No +- Type: int +- Default: `4000` + +### Parameter: `name` + +Name of the Gremlin database. +- Required: Yes +- Type: string + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the Gremlin database resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `throughput` + +Request Units per second (for example 10000). Cannot be set together with `maxThroughput`. 
+- Required: No +- Type: int +- Default: `-1` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Gremlin database. | | `resourceGroupName` | string | The name of the resource group the Gremlin database was created in. | diff --git a/modules/document-db/database-account/gremlin-database/graph/README.md b/modules/document-db/database-account/gremlin-database/graph/README.md index 9ef2885821..9bd3196bdc 100644 --- a/modules/document-db/database-account/gremlin-database/graph/README.md +++ b/modules/document-db/database-account/gremlin-database/graph/README.md 
@@ -20,30 +20,76 @@ This module deploys a DocumentDB Database Accounts Gremlin Database Graph. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the graph. | +| [`name`](#parameter-name) | string | Name of the graph. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseAccountName` | string | The name of the parent Database Account. Required if the template is used in a standalone deployment. | -| `gremlinDatabaseName` | string | The name of the parent Gremlin Database. Required if the template is used in a standalone deployment. | +| [`databaseAccountName`](#parameter-databaseaccountname) | string | The name of the parent Database Account. Required if the template is used in a standalone deployment. | +| [`gremlinDatabaseName`](#parameter-gremlindatabasename) | string | The name of the parent Gremlin Database. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `indexingPolicy` | object | `{object}` | Indexing policy of the graph. | -| `partitionKeyPaths` | array | `[]` | List of paths using which data within the container can be partitioned. | -| `tags` | object | `{object}` | Tags of the Gremlin graph resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`indexingPolicy`](#parameter-indexingpolicy) | object | Indexing policy of the graph. | +| [`partitionKeyPaths`](#parameter-partitionkeypaths) | array | List of paths using which data within the container can be partitioned. 
| +| [`tags`](#parameter-tags) | object | Tags of the Gremlin graph resource. | + +### Parameter: `databaseAccountName` + +The name of the parent Database Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `gremlinDatabaseName` + +The name of the parent Gremlin Database. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `indexingPolicy` + +Indexing policy of the graph. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Name of the graph. +- Required: Yes +- Type: string + +### Parameter: `partitionKeyPaths` + +List of paths using which data within the container can be partitioned. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the Gremlin graph resource. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the graph. | | `resourceGroupName` | string | The name of the resource group the graph was created in. | diff --git a/modules/document-db/database-account/gremlin-database/graph/main.json b/modules/document-db/database-account/gremlin-database/graph/main.json index d02a60bd22..ac3ab15bde 100644 --- a/modules/document-db/database-account/gremlin-database/graph/main.json +++ b/modules/document-db/database-account/gremlin-database/graph/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3593445264917455012" + "version": "0.22.6.54827", + "templateHash": "18333404401527081455" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", diff --git a/modules/document-db/database-account/gremlin-database/main.json b/modules/document-db/database-account/gremlin-database/main.json index f3df7da63e..3a99fdbe58 100644 --- a/modules/document-db/database-account/gremlin-database/main.json +++ b/modules/document-db/database-account/gremlin-database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4256328904115204005" + "version": "0.22.6.54827", + "templateHash": "15423165717770718605" }, "name": "DocumentDB Database Account Gremlin Databases", "description": "This module deploys a Gremlin Database within a CosmosDB Account.", @@ -141,8 +141,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3593445264917455012" + "version": "0.22.6.54827", + "templateHash": "18333404401527081455" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", diff --git a/modules/document-db/database-account/main.json b/modules/document-db/database-account/main.json index a5a0399033..8c6c60a55b 100644 --- a/modules/document-db/database-account/main.json +++ b/modules/document-db/database-account/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9451370227821690902" + "version": "0.22.6.54827", + "templateHash": "1321966146332079883" }, "name": "DocumentDB Database Accounts", "description": "This module deploys a DocumentDB Database Account.", 
@@ -466,8 +466,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5613744277609573742" + "version": "0.22.6.54827", + "templateHash": "9195274417066284555" } }, "parameters": { @@ -618,8 +618,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12650326317614213616" + "version": "0.22.6.54827", + "templateHash": "11353697729412779140" }, "name": "DocumentDB Database Account SQL Databases", "description": "This module deploys a SQL Database in a CosmosDB Account.", @@ -746,8 +746,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17915639819408167865" + "version": "0.22.6.54827", + "templateHash": "8116399669974678281" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", @@ -985,8 +985,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6108492173430130197" + "version": "0.22.6.54827", + "templateHash": "1822071123668929932" }, "name": "DocumentDB Database Account MongoDB Databases", "description": "This module deploys a MongoDB Database within a CosmosDB Account.", @@ -1103,8 +1103,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15278439403607777812" + "version": "0.22.6.54827", + "templateHash": "14573428332905458641" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", @@ -1275,8 +1275,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3882851808439491481" + "version": "0.22.6.54827", + "templateHash": "15423165717770718605" }, "name": "DocumentDB Database Account Gremlin Databases", "description": "This module deploys a Gremlin Database within a CosmosDB Account.", 
@@ -1412,8 +1412,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16873442968006597080" + "version": "0.22.6.54827", + "templateHash": "18333404401527081455" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", @@ -1603,8 +1603,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1803,8 +1803,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1941,8 +1941,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/document-db/database-account/mongodb-database/README.md b/modules/document-db/database-account/mongodb-database/README.md index d9c2501383..93ddb86a7f 100644 --- a/modules/document-db/database-account/mongodb-database/README.md +++ b/modules/document-db/database-account/mongodb-database/README.md 
@@ -20,29 +20,69 @@ This module deploys a MongoDB Database within a CosmosDB Account. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the mongodb database. | +| [`name`](#parameter-name) | string | Name of the mongodb database. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseAccountName` | string | The name of the parent Cosmos DB database account. Required if the template is used in a standalone deployment. | +| [`databaseAccountName`](#parameter-databaseaccountname) | string | The name of the parent Cosmos DB database account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `collections` | array | `[]` | Collections in the mongodb database. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `tags` | object | `{object}` | Tags of the resource. | -| `throughput` | int | `400` | Name of the mongodb database. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`collections`](#parameter-collections) | array | Collections in the mongodb database. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`throughput`](#parameter-throughput) | int | Name of the mongodb database. | + +### Parameter: `collections` + +Collections in the mongodb database. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `databaseAccountName` + +The name of the parent Cosmos DB database account. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the mongodb database. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `throughput` + +Name of the mongodb database. +- Required: No +- Type: int +- Default: `400` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the mongodb database. | | `resourceGroupName` | string | The name of the resource group the mongodb database was created in. | diff --git a/modules/document-db/database-account/mongodb-database/collection/README.md b/modules/document-db/database-account/mongodb-database/collection/README.md index c29b48e614..ce98977d82 100644 --- a/modules/document-db/database-account/mongodb-database/collection/README.md +++ b/modules/document-db/database-account/mongodb-database/collection/README.md 
@@ -20,30 +20,74 @@ This module deploys a MongoDB Database Collection. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `indexes` | array | Indexes for the collection. | -| `name` | string | Name of the collection. | -| `shardKey` | object | ShardKey for the collection. | +| [`indexes`](#parameter-indexes) | array | Indexes for the collection. | +| [`name`](#parameter-name) | string | Name of the collection. | +| [`shardKey`](#parameter-shardkey) | object | ShardKey for the collection. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseAccountName` | string | The name of the parent Cosmos DB database account. Required if the template is used in a standalone deployment. | -| `mongodbDatabaseName` | string | The name of the parent mongodb database. Required if the template is used in a standalone deployment. | +| [`databaseAccountName`](#parameter-databaseaccountname) | string | The name of the parent Cosmos DB database account. Required if the template is used in a standalone deployment. | +| [`mongodbDatabaseName`](#parameter-mongodbdatabasename) | string | The name of the parent mongodb database. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `throughput` | int | `400` | Name of the mongodb database. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`throughput`](#parameter-throughput) | int | Name of the mongodb database. | + +### Parameter: `databaseAccountName` + +The name of the parent Cosmos DB database account. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `indexes` + +Indexes for the collection. +- Required: Yes +- Type: array + +### Parameter: `mongodbDatabaseName` + +The name of the parent mongodb database. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the collection. +- Required: Yes +- Type: string + +### Parameter: `shardKey` + +ShardKey for the collection. +- Required: Yes +- Type: object + +### Parameter: `throughput` + +Name of the mongodb database. +- Required: No +- Type: int +- Default: `400` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the mongodb database. | | `resourceGroupName` | string | The name of the resource group the mongodb database was created in. | diff --git a/modules/document-db/database-account/mongodb-database/collection/main.json b/modules/document-db/database-account/mongodb-database/collection/main.json index a6fa0bc567..7b4dd23c09 100644 --- a/modules/document-db/database-account/mongodb-database/collection/main.json +++ b/modules/document-db/database-account/mongodb-database/collection/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12957080003676592321" + "version": "0.22.6.54827", + "templateHash": "14573428332905458641" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", diff --git a/modules/document-db/database-account/mongodb-database/main.json b/modules/document-db/database-account/mongodb-database/main.json index 3446932229..ac1f8b3634 100644 
--- a/modules/document-db/database-account/mongodb-database/main.json +++ b/modules/document-db/database-account/mongodb-database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13972019361365434498" + "version": "0.22.6.54827", + "templateHash": "1822071123668929932" }, "name": "DocumentDB Database Account MongoDB Databases", "description": "This module deploys a MongoDB Database within a CosmosDB Account.", @@ -122,8 +122,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12957080003676592321" + "version": "0.22.6.54827", + "templateHash": "14573428332905458641" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", diff --git a/modules/document-db/database-account/sql-database/README.md b/modules/document-db/database-account/sql-database/README.md index 2d6e69f472..83def7fb2b 100644 --- a/modules/document-db/database-account/sql-database/README.md +++ b/modules/document-db/database-account/sql-database/README.md 
@@ -20,30 +20,77 @@ This module deploys a SQL Database in a CosmosDB Account. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the SQL database . | +| [`name`](#parameter-name) | string | Name of the SQL database . | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseAccountName` | string | The name of the parent Database Account. Required if the template is used in a standalone deployment. | +| [`databaseAccountName`](#parameter-databaseaccountname) | string | The name of the parent Database Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `autoscaleSettingsMaxThroughput` | int | `-1` | Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled. | -| `containers` | array | `[]` | Array of containers to deploy in the SQL database. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `tags` | object | `{object}` | Tags of the SQL database resource. | -| `throughput` | int | `400` | Request units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoscaleSettingsMaxThroughput`](#parameter-autoscalesettingsmaxthroughput) | int | Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. 
If value is set to -1, then the property will be set to null and autoscale will be disabled. | +| [`containers`](#parameter-containers) | array | Array of containers to deploy in the SQL database. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`tags`](#parameter-tags) | object | Tags of the SQL database resource. | +| [`throughput`](#parameter-throughput) | int | Request units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. | + +### Parameter: `autoscaleSettingsMaxThroughput` + +Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `containers` + +Array of containers to deploy in the SQL database. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `databaseAccountName` + +The name of the parent Database Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the SQL database . +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the SQL database resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `throughput` + +Request units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. +- Required: No +- Type: int +- Default: `400` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the SQL database. 
| | `resourceGroupName` | string | The name of the resource group the SQL database was created in. | diff --git a/modules/document-db/database-account/sql-database/container/README.md b/modules/document-db/database-account/sql-database/container/README.md index 1e14de9526..a090b1fe3f 100644 --- a/modules/document-db/database-account/sql-database/container/README.md +++ b/modules/document-db/database-account/sql-database/container/README.md 
@@ -20,37 +20,133 @@ This module deploys a SQL Database Container in a CosmosDB Account. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the container. | +| [`name`](#parameter-name) | string | Name of the container. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseAccountName` | string | The name of the parent Database Account. Required if the template is used in a standalone deployment. | -| `sqlDatabaseName` | string | The name of the parent SQL Database. Required if the template is used in a standalone deployment. | +| [`databaseAccountName`](#parameter-databaseaccountname) | string | The name of the parent Database Account. Required if the template is used in a standalone deployment. | +| [`sqlDatabaseName`](#parameter-sqldatabasename) | string | The name of the parent SQL Database. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `analyticalStorageTtl` | int | `0` | | Indicates how long data should be retained in the analytical store, for a container. Analytical store is enabled when ATTL is set with a value other than 0. If the value is set to -1, the analytical store retains all historical data, irrespective of the retention of the data in the transactional store. | -| `autoscaleSettingsMaxThroughput` | int | `-1` | | Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled. 
| -| `conflictResolutionPolicy` | object | `{object}` | | The conflict resolution policy for the container. Conflicts and conflict resolution policies are applicable if the Azure Cosmos DB account is configured with multiple write regions. | -| `defaultTtl` | int | `-1` | | Default time to live (in seconds). With Time to Live or TTL, Azure Cosmos DB provides the ability to delete items automatically from a container after a certain time period. If the value is set to "-1", it is equal to infinity, and items dont expire by default. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `indexingPolicy` | object | `{object}` | | Indexing policy of the container. | -| `kind` | string | `'Hash'` | `[Hash, MultiHash, Range]` | Indicates the kind of algorithm used for partitioning. | -| `paths` | array | `[]` | | List of paths using which data within the container can be partitioned. | -| `tags` | object | `{object}` | | Tags of the SQL Database resource. | -| `throughput` | int | `400` | | Request Units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. | -| `uniqueKeyPolicyKeys` | array | `[]` | | The unique key policy configuration containing a list of unique keys that enforces uniqueness constraint on documents in the collection in the Azure Cosmos DB service. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`analyticalStorageTtl`](#parameter-analyticalstoragettl) | int | Indicates how long data should be retained in the analytical store, for a container. Analytical store is enabled when ATTL is set with a value other than 0. If the value is set to -1, the analytical store retains all historical data, irrespective of the retention of the data in the transactional store. | +| [`autoscaleSettingsMaxThroughput`](#parameter-autoscalesettingsmaxthroughput) | int | Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. 
The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled. | +| [`conflictResolutionPolicy`](#parameter-conflictresolutionpolicy) | object | The conflict resolution policy for the container. Conflicts and conflict resolution policies are applicable if the Azure Cosmos DB account is configured with multiple write regions. | +| [`defaultTtl`](#parameter-defaultttl) | int | Default time to live (in seconds). With Time to Live or TTL, Azure Cosmos DB provides the ability to delete items automatically from a container after a certain time period. If the value is set to "-1", it is equal to infinity, and items dont expire by default. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`indexingPolicy`](#parameter-indexingpolicy) | object | Indexing policy of the container. | +| [`kind`](#parameter-kind) | string | Indicates the kind of algorithm used for partitioning. | +| [`paths`](#parameter-paths) | array | List of paths using which data within the container can be partitioned. | +| [`tags`](#parameter-tags) | object | Tags of the SQL Database resource. | +| [`throughput`](#parameter-throughput) | int | Request Units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. | +| [`uniqueKeyPolicyKeys`](#parameter-uniquekeypolicykeys) | array | The unique key policy configuration containing a list of unique keys that enforces uniqueness constraint on documents in the collection in the Azure Cosmos DB service. | + +### Parameter: `analyticalStorageTtl` + +Indicates how long data should be retained in the analytical store, for a container. Analytical store is enabled when ATTL is set with a value other than 0. 
If the value is set to -1, the analytical store retains all historical data, irrespective of the retention of the data in the transactional store. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `autoscaleSettingsMaxThroughput` + +Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `conflictResolutionPolicy` + +The conflict resolution policy for the container. Conflicts and conflict resolution policies are applicable if the Azure Cosmos DB account is configured with multiple write regions. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `databaseAccountName` + +The name of the parent Database Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `defaultTtl` + +Default time to live (in seconds). With Time to Live or TTL, Azure Cosmos DB provides the ability to delete items automatically from a container after a certain time period. If the value is set to "-1", it is equal to infinity, and items dont expire by default. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `indexingPolicy` + +Indexing policy of the container. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `kind` + +Indicates the kind of algorithm used for partitioning. +- Required: No +- Type: string +- Default: `'Hash'` +- Allowed: `[Hash, MultiHash, Range]` + +### Parameter: `name` + +Name of the container. 
+- Required: Yes +- Type: string + +### Parameter: `paths` + +List of paths using which data within the container can be partitioned. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sqlDatabaseName` + +The name of the parent SQL Database. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the SQL Database resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `throughput` + +Request Units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. +- Required: No +- Type: int +- Default: `400` + +### Parameter: `uniqueKeyPolicyKeys` + +The unique key policy configuration containing a list of unique keys that enforces uniqueness constraint on documents in the collection in the Azure Cosmos DB service. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the container. | | `resourceGroupName` | string | The name of the resource group the container was created in. | diff --git a/modules/document-db/database-account/sql-database/container/main.json b/modules/document-db/database-account/sql-database/container/main.json index 6986286959..0975283cf0 100644 --- a/modules/document-db/database-account/sql-database/container/main.json +++ b/modules/document-db/database-account/sql-database/container/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14315455818011845279" + "version": "0.22.6.54827", + "templateHash": "8116399669974678281" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", 
diff --git a/modules/document-db/database-account/sql-database/main.json b/modules/document-db/database-account/sql-database/main.json index 145a1881bc..f077897716 100644 --- a/modules/document-db/database-account/sql-database/main.json +++ b/modules/document-db/database-account/sql-database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3181306638327423907" + "version": "0.22.6.54827", + "templateHash": "11353697729412779140" }, "name": "DocumentDB Database Account SQL Databases", "description": "This module deploys a SQL Database in a CosmosDB Account.", @@ -132,8 +132,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14315455818011845279" + "version": "0.22.6.54827", + "templateHash": "8116399669974678281" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", diff --git a/modules/event-grid/domain/.test/common/main.test.bicep b/modules/event-grid/domain/.test/common/main.test.bicep index 9a38dc3ee4..868878e147 100644 --- a/modules/event-grid/domain/.test/common/main.test.bicep +++ b/modules/event-grid/domain/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-grid/domain/.test/min/main.test.bicep b/modules/event-grid/domain/.test/min/main.test.bicep index 3fe94445cd..f7238a4aaa 100644 --- a/modules/event-grid/domain/.test/min/main.test.bicep +++ b/modules/event-grid/domain/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-grid/domain/README.md b/modules/event-grid/domain/README.md index 4da7b333e7..1b981ed272 100644 --- a/modules/event-grid/domain/README.md +++ b/modules/event-grid/domain/README.md @@ -5,10 +5,10 @@ This module deploys an Event Grid Domain. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -22,70 +22,29 @@ This module deploys an Event Grid Domain. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Event Grid Domain. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `autoCreateTopicWithFirstSubscription` | bool | `True` | | Location for all Resources. | -| `autoDeleteTopicWithLastSubscription` | bool | `True` | | Location for all Resources. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DeliveryFailures, PublishFailures]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. 
| -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `inboundIpRules` | array | `[]` | | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `topics` | array | `[]` | | The topic names which are associated with the domain. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the event grid domain. | -| `resourceGroupName` | string | The name of the resource group the event grid domain was deployed into. 
| -| `resourceId` | string | The resource ID of the event grid domain. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/event-grid.domain:1.0.0`. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +- [Pe](#example-3-pe) -## Deployment examples +### Example 1: _Using large parameter set_ -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +This instance deploys the module with most of its features enabled. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module domain './event-grid/domain/main.bicep' = { +module domain 'br:bicep/modules/event-grid.domain:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egdcom' params: { // Required parameters @@ -231,14 +190,17 @@ module domain './event-grid/domain/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module domain './event-grid/domain/main.bicep' = { +module domain 'br:bicep/modules/event-grid.domain:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egdmin' params: { // Required parameters @@ -276,14 +238,14 @@ module domain './event-grid/domain/main.bicep' = {

-

Example 3: Pe

+### Example 3: _Pe_
via Bicep module ```bicep -module domain './event-grid/domain/main.bicep' = { +module domain 'br:bicep/modules/event-grid.domain:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egdpe' params: { // Required parameters @@ -366,3 +328,189 @@ module domain './event-grid/domain/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Event Grid Domain. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoCreateTopicWithFirstSubscription`](#parameter-autocreatetopicwithfirstsubscription) | bool | Location for all Resources. | +| [`autoDeleteTopicWithLastSubscription`](#parameter-autodeletetopicwithlastsubscription) | bool | Location for all Resources. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`inboundIpRules`](#parameter-inboundiprules) | array | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`topics`](#parameter-topics) | array | The topic names which are associated with the domain. | + +### Parameter: `autoCreateTopicWithFirstSubscription` + +Location for all Resources. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `autoDeleteTopicWithLastSubscription` + +Location for all Resources. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DeliveryFailures, PublishFailures]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `inboundIpRules` + +This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Event Grid Domain. 
+- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `topics` + +The topic names which are associated with the domain. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the event grid domain. | +| `resourceGroupName` | string | The name of the resource group the event grid domain was deployed into. | +| `resourceId` | string | The resource ID of the event grid domain. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
+ +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/event-grid/domain/main.json b/modules/event-grid/domain/main.json index 84acd63341..dcfe142327 100644 --- a/modules/event-grid/domain/main.json +++ b/modules/event-grid/domain/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7818867267496589436" + "version": "0.22.6.54827", + "templateHash": "7856347884267755946" }, "name": "Event Grid Domains", "description": "This module deploys an Event Grid Domain.", @@ -284,8 +284,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3376028275602435166" + "version": "0.22.6.54827", + "templateHash": "13108601447016690436" }, "name": "Event Grid Domain Topics", "description": "This module deploys an Event Grid Domain Topic.", @@ -415,8 +415,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -615,8 +615,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -753,8 +753,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { 
@@ -967,8 +967,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16462235446782187240" + "version": "0.22.6.54827", + "templateHash": "1659842695042016822" } }, "parameters": { diff --git a/modules/event-grid/domain/topic/README.md b/modules/event-grid/domain/topic/README.md index d34ee64a33..f4c4b1a733 100644 --- a/modules/event-grid/domain/topic/README.md +++ b/modules/event-grid/domain/topic/README.md 
@@ -19,27 +19,53 @@ This module deploys an Event Grid Domain Topic. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the Event Grid Domain Topic. | +| [`name`](#parameter-name) | string | The name of the Event Grid Domain Topic. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `domainName` | string | The name of the parent Event Grid Domain. Required if the template is used in a standalone deployment. | +| [`domainName`](#parameter-domainname) | string | The name of the parent Event Grid Domain. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all Resources. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | + +### Parameter: `domainName` + +The name of the parent Event Grid Domain. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the Event Grid Domain Topic. 
+- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the event grid topic. | | `resourceGroupName` | string | The name of the resource group the event grid topic was deployed into. | diff --git a/modules/event-grid/domain/topic/main.json b/modules/event-grid/domain/topic/main.json index 8b821bd6f1..c640f2628c 100644 --- a/modules/event-grid/domain/topic/main.json +++ b/modules/event-grid/domain/topic/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15871414282174794846" + "version": "0.22.6.54827", + "templateHash": "13108601447016690436" }, "name": "Event Grid Domain Topics", "description": "This module deploys an Event Grid Domain Topic.", diff --git a/modules/event-grid/system-topic/.test/common/main.test.bicep b/modules/event-grid/system-topic/.test/common/main.test.bicep index d5cd6b5f79..316cfc5c48 100644 --- a/modules/event-grid/system-topic/.test/common/main.test.bicep +++ b/modules/event-grid/system-topic/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-grid/system-topic/.test/min/main.test.bicep b/modules/event-grid/system-topic/.test/min/main.test.bicep index 89d438902b..52ccd0b7bc 100644 --- a/modules/event-grid/system-topic/.test/min/main.test.bicep +++ b/modules/event-grid/system-topic/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // 
diff --git a/modules/event-grid/system-topic/README.md b/modules/event-grid/system-topic/README.md index a1fbd8ae6d..e605059de0 100644 --- a/modules/event-grid/system-topic/README.md +++ b/modules/event-grid/system-topic/README.md @@ -5,10 +5,10 @@ This module deploys an Event Grid System Topic. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -20,66 +20,28 @@ This module deploys an Event Grid System Topic. | `Microsoft.EventGrid/systemTopics/eventSubscriptions` | [2022-06-15](https://learn.microsoft.com/en-us/azure/templates/Microsoft.EventGrid/2022-06-15/systemTopics/eventSubscriptions) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Event Grid Topic. | -| `source` | string | Source for the system topic. | -| `topicType` | string | TopicType for the system topic. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/event-grid.system-topic:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DeliveryFailures]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
| -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `eventSubscriptions` | array | `[]` | | Event subscriptions to deploy. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the event grid system topic. 
| -| `resourceGroupName` | string | The name of the resource group the event grid system topic was deployed into. | -| `resourceId` | string | The resource ID of the event grid system topic. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module systemTopic './event-grid/system-topic/main.bicep' = { +module systemTopic 'br:bicep/modules/event-grid.system-topic:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egstcom' params: { // Required parameters @@ -227,14 +189,17 @@ module systemTopic './event-grid/system-topic/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module systemTopic './event-grid/system-topic/main.bicep' = { +module systemTopic 'br:bicep/modules/event-grid.system-topic:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egstmin' params: { // Required parameters @@ -279,3 +244,175 @@ module systemTopic './event-grid/system-topic/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Event Grid Topic. | +| [`source`](#parameter-source) | string | Source for the system topic. | +| [`topicType`](#parameter-topictype) | string | TopicType for the system topic. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventSubscriptions`](#parameter-eventsubscriptions) | array | Event subscriptions to deploy. 
| +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DeliveryFailures]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. 
If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventSubscriptions` + +Event subscriptions to deploy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Event Grid Topic. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `source` + +Source for the system topic. +- Required: Yes +- Type: string + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `topicType` + +TopicType for the system topic. 
+- Required: Yes +- Type: string + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the event grid system topic. | +| `resourceGroupName` | string | The name of the resource group the event grid system topic was deployed into. | +| `resourceId` | string | The resource ID of the event grid system topic. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ diff --git a/modules/event-grid/system-topic/event-subscription/README.md b/modules/event-grid/system-topic/event-subscription/README.md index 0ec60e8c50..d488702524 100644 --- a/modules/event-grid/system-topic/event-subscription/README.md +++ b/modules/event-grid/system-topic/event-subscription/README.md 
@@ -19,31 +19,120 @@ This module deploys an Event Grid System Topic Event Subscription. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `destination` | object | The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). | -| `name` | string | The name of the Event Subscription. | -| `systemTopicName` | string | Name of the Event Grid System Topic. | +| [`destination`](#parameter-destination) | object | The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). | +| [`name`](#parameter-name) | string | The name of the Event Subscription. | +| [`systemTopicName`](#parameter-systemtopicname) | string | Name of the Event Grid System Topic. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `deadLetterDestination` | object | `{object}` | | Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). | -| `deadLetterWithResourceIdentity` | object | `{object}` | | Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). | -| `deliveryWithResourceIdentity` | object | `{object}` | | Delivery with Resource Identity Configuration. 
(See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `eventDeliverySchema` | string | `'EventGridSchema'` | `[CloudEventSchemaV1_0, CustomInputSchema, EventGridEvent, EventGridSchema]` | The event delivery schema for the event subscription. | -| `expirationTimeUtc` | string | `''` | | The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). | -| `filter` | object | `{object}` | | The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). | -| `labels` | array | `[]` | | The list of user defined labels. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `retryPolicy` | object | `{object}` | | The retry policy for events. This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`deadLetterDestination`](#parameter-deadletterdestination) | object | Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). | +| [`deadLetterWithResourceIdentity`](#parameter-deadletterwithresourceidentity) | object | Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). 
| +| [`deliveryWithResourceIdentity`](#parameter-deliverywithresourceidentity) | object | Delivery with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventDeliverySchema`](#parameter-eventdeliveryschema) | string | The event delivery schema for the event subscription. | +| [`expirationTimeUtc`](#parameter-expirationtimeutc) | string | The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). | +| [`filter`](#parameter-filter) | object | The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). | +| [`labels`](#parameter-labels) | array | The list of user defined labels. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`retryPolicy`](#parameter-retrypolicy) | object | The retry policy for events. This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. | + +### Parameter: `deadLetterDestination` + +Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `deadLetterWithResourceIdentity` + +Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `deliveryWithResourceIdentity` + +Delivery with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `destination` + +The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). +- Required: Yes +- Type: object + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventDeliverySchema` + +The event delivery schema for the event subscription. +- Required: No +- Type: string +- Default: `'EventGridSchema'` +- Allowed: `[CloudEventSchemaV1_0, CustomInputSchema, EventGridEvent, EventGridSchema]` + +### Parameter: `expirationTimeUtc` + +The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `filter` + +The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `labels` + +The list of user defined labels. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the Event Subscription. +- Required: Yes +- Type: string + +### Parameter: `retryPolicy` + +The retry policy for events. 
This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `systemTopicName` + +Name of the Event Grid System Topic. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the event subscription. | diff --git a/modules/event-grid/system-topic/event-subscription/main.json b/modules/event-grid/system-topic/event-subscription/main.json index d01d0b7544..1b3870ba98 100644 --- a/modules/event-grid/system-topic/event-subscription/main.json +++ b/modules/event-grid/system-topic/event-subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2662254923590356448" + "version": "0.22.6.54827", + "templateHash": "10392297144322720436" }, "name": "Event Grid System Topic Event Subscriptions", "description": "This module deploys an Event Grid System Topic Event Subscription.", diff --git a/modules/event-grid/system-topic/main.json b/modules/event-grid/system-topic/main.json index a5d5a0f260..d47e0b9d3f 100644 --- a/modules/event-grid/system-topic/main.json +++ b/modules/event-grid/system-topic/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12331506143348068786" + "version": "0.22.6.54827", + "templateHash": "13215489869065606829" }, "name": "Event Grid System Topics", "description": "This module deploys an Event Grid System Topic.", 
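Review bot: the `_generator` block in `modules/event-grid/system-topic/main.json` shows that the committed build output had drifted across compiler versions before this change (`0.21.1.54444` here, `0.20.4.51522` in `event-subscription/main.json` in the same patch), and nothing visible in the patch guarantees that a committed `main.json` matches its `main.bicep`. Consider pinning the Bicep version the utility compiles with and adding a CI step that rebuilds each template and fails when the committed `templateHash` differs, so a stale or hand-edited compiled template cannot be merged unnoticed.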
@@ -276,8 +276,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12279525611210070078" + "version": "0.22.6.54827", + "templateHash": "10392297144322720436" }, "name": "Event Grid System Topic Event Subscriptions", "description": "This module deploys an Event Grid System Topic Event Subscription.", @@ -481,8 +481,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3745938905849630295" + "version": "0.22.6.54827", + "templateHash": "12562324298360461829" } }, "parameters": { diff --git a/modules/event-grid/topic/.test/common/main.test.bicep b/modules/event-grid/topic/.test/common/main.test.bicep index c55aa3de33..b78bcf0f8c 100644 --- a/modules/event-grid/topic/.test/common/main.test.bicep +++ b/modules/event-grid/topic/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-grid/topic/.test/min/main.test.bicep b/modules/event-grid/topic/.test/min/main.test.bicep index f55b6f3f86..6e3cc70796 100644 --- a/modules/event-grid/topic/.test/min/main.test.bicep +++ b/modules/event-grid/topic/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-grid/topic/README.md b/modules/event-grid/topic/README.md index 2bf435446a..db0e345ab6 100644 --- a/modules/event-grid/topic/README.md +++ b/modules/event-grid/topic/README.md 
@@ -5,10 +5,10 @@ This module deploys an Event Grid Topic. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
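Review bot: the added navigation entry `[Usage examples](#Usage-examples)` uses a mixed-case fragment, while the example links this patch adds further down in the same README use lowercase ones (`#example-1-using-large-parameter-set`). GitHub generates lowercase heading ids, so `#usage-examples` would be consistent and would also resolve in renderers that match fragments case-sensitively; the unchanged entries in this list have the same casing and could be fixed in the generator at the same time.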
@@ -22,68 +22,29 @@ This module deploys an Event Grid Topic. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Event Grid Topic. | - -**Optional parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DeliveryFailures, PublishFailures]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. 
| -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `eventSubscriptions` | array | `[]` | | Event subscriptions to deploy. | -| `inboundIpRules` | array | `[]` | | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/event-grid.topic:1.0.0`. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. 
| -| `name` | string | The name of the event grid topic. | -| `resourceGroupName` | string | The name of the resource group the event grid topic was deployed into. | -| `resourceId` | string | The resource ID of the event grid topic. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | - -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +- [Pe](#example-3-pe) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module topic './event-grid/topic/main.bicep' = { +module topic 'br:bicep/modules/event-grid.topic:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egtcom' params: { // Required parameters @@ -271,14 +232,17 @@ module topic './event-grid/topic/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module topic './event-grid/topic/main.bicep' = { +module topic 'br:bicep/modules/event-grid.topic:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egtmin' params: { // Required parameters @@ -316,14 +280,14 @@ module topic './event-grid/topic/main.bicep' = {

-

Example 3: Pe

+### Example 3: _Pe_
via Bicep module ```bicep -module topic './event-grid/topic/main.bicep' = { +module topic 'br:bicep/modules/event-grid.topic:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egtpe' params: { // Required parameters @@ -406,3 +370,173 @@ module topic './event-grid/topic/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Event Grid Topic. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventSubscriptions`](#parameter-eventsubscriptions) | array | Event subscriptions to deploy. | +| [`inboundIpRules`](#parameter-inboundiprules) | array | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. 
| +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
+- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DeliveryFailures, PublishFailures]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventSubscriptions` + +Event subscriptions to deploy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `inboundIpRules` + +This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Event Grid Topic. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. 
For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the event grid topic. | +| `resourceGroupName` | string | The name of the resource group the event grid topic was deployed into. | +| `resourceId` | string | The resource ID of the event grid topic. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/event-grid/topic/event-subscription/README.md b/modules/event-grid/topic/event-subscription/README.md index ae0aee3b5d..ddfd871622 100644 --- a/modules/event-grid/topic/event-subscription/README.md +++ b/modules/event-grid/topic/event-subscription/README.md 
@@ -19,31 +19,120 @@ This module deploys an Event Grid Topic Event Subscription. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `destination` | object | The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). | -| `name` | string | The name of the Event Subscription. | -| `topicName` | string | Name of the Event Grid Topic. | +| [`destination`](#parameter-destination) | object | The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). | +| [`name`](#parameter-name) | string | The name of the Event Subscription. | +| [`topicName`](#parameter-topicname) | string | Name of the Event Grid Topic. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `deadLetterDestination` | object | `{object}` | | Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). | -| `deadLetterWithResourceIdentity` | object | `{object}` | | Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). | -| `deliveryWithResourceIdentity` | object | `{object}` | | Delivery with Resource Identity Configuration. 
(See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `eventDeliverySchema` | string | `'EventGridSchema'` | `[CloudEventSchemaV1_0, CustomInputSchema, EventGridEvent, EventGridSchema]` | The event delivery schema for the event subscription. | -| `expirationTimeUtc` | string | `''` | | The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). | -| `filter` | object | `{object}` | | The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). | -| `labels` | array | `[]` | | The list of user defined labels. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `retryPolicy` | object | `{object}` | | The retry policy for events. This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`deadLetterDestination`](#parameter-deadletterdestination) | object | Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). | +| [`deadLetterWithResourceIdentity`](#parameter-deadletterwithresourceidentity) | object | Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). 
| +| [`deliveryWithResourceIdentity`](#parameter-deliverywithresourceidentity) | object | Delivery with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventDeliverySchema`](#parameter-eventdeliveryschema) | string | The event delivery schema for the event subscription. | +| [`expirationTimeUtc`](#parameter-expirationtimeutc) | string | The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). | +| [`filter`](#parameter-filter) | object | The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). | +| [`labels`](#parameter-labels) | array | The list of user defined labels. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`retryPolicy`](#parameter-retrypolicy) | object | The retry policy for events. This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. | + +### Parameter: `deadLetterDestination` + +Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `deadLetterWithResourceIdentity` + +Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `deliveryWithResourceIdentity` + +Delivery with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `destination` + +The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). +- Required: Yes +- Type: object + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventDeliverySchema` + +The event delivery schema for the event subscription. +- Required: No +- Type: string +- Default: `'EventGridSchema'` +- Allowed: `[CloudEventSchemaV1_0, CustomInputSchema, EventGridEvent, EventGridSchema]` + +### Parameter: `expirationTimeUtc` + +The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `filter` + +The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `labels` + +The list of user defined labels. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the Event Subscription. +- Required: Yes +- Type: string + +### Parameter: `retryPolicy` + +The retry policy for events. 
This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `topicName` + +Name of the Event Grid Topic. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the event subscription. | diff --git a/modules/event-grid/topic/event-subscription/main.json b/modules/event-grid/topic/event-subscription/main.json index 37e87b702f..9891a17599 100644 --- a/modules/event-grid/topic/event-subscription/main.json +++ b/modules/event-grid/topic/event-subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1847712751203709530" + "version": "0.22.6.54827", + "templateHash": "2222106647839764321" }, "name": "EventGrid Topic Event Subscriptions", "description": "This module deploys an Event Grid Topic Event Subscription.", diff --git a/modules/event-grid/topic/main.json b/modules/event-grid/topic/main.json index 7d6e63ce94..f60d2077df 100644 --- a/modules/event-grid/topic/main.json +++ b/modules/event-grid/topic/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2223845646859059604" + "version": "0.22.6.54827", + "templateHash": "17347618398012771479" }, "name": "Event Grid Topics", "description": "This module deploys an Event Grid Topic.", @@ -275,8 +275,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6395050115112731120" + "version": "0.22.6.54827", + "templateHash": "2222106647839764321" }, "name": "EventGrid Topic Event Subscriptions", "description": "This module deploys an Event Grid Topic Event Subscription.", 
@@ -492,8 +492,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -692,8 +692,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -830,8 +830,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -1044,8 +1044,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13615997203559529091" + "version": "0.22.6.54827", + "templateHash": "8293298385688392206" } }, "parameters": { diff --git a/modules/event-hub/namespace/.test/common/main.test.bicep b/modules/event-hub/namespace/.test/common/main.test.bicep index 171a1bad4f..9852491947 100644 --- a/modules/event-hub/namespace/.test/common/main.test.bicep +++ b/modules/event-hub/namespace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-hub/namespace/.test/min/main.test.bicep b/modules/event-hub/namespace/.test/min/main.test.bicep index a1b2f4684b..282a233685 100644 --- a/modules/event-hub/namespace/.test/min/main.test.bicep +++ b/modules/event-hub/namespace/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-hub/namespace/README.md b/modules/event-hub/namespace/README.md index 51e0ddece9..de5b7fa061 100644 --- a/modules/event-hub/namespace/README.md +++ b/modules/event-hub/namespace/README.md @@ -5,10 +5,10 @@ This module deploys an Event Hub Namespace. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -27,91 +27,30 @@ This module deploys an Event Hub Namespace. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the event hub namespace. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. | - -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/event-hub.namespace:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the Event Hub namespace. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. 
Customer-managed key encryption at rest is only available for namespaces of premium SKU or namespaces created in a Dedicated Cluster. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ApplicationMetricsLogs, ArchiveLogs, AutoScaleLogs, CustomerManagedKeyUserLogs, EventHubVNetConnectionEvent, KafkaCoordinatorLogs, KafkaUserErrorLogs, OperationalLogs, RuntimeAuditLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableLocalAuth` | bool | `True` | | This property disables SAS authentication for the Event Hubs namespace. | -| `disasterRecoveryConfig` | _[disasterRecoveryConfig](disaster-recovery-config/README.md)_ object | `{object}` | | The disaster recovery config for this namespace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `eventhubs` | array | `[]` | | The event hubs to deploy into this namespace. | -| `isAutoInflateEnabled` | bool | `False` | | Switch to enable the Auto Inflate feature of Event Hub. Auto Inflate is not supported in Premium SKU EventHub. | -| `kafkaEnabled` | bool | `False` | | Value that indicates whether Kafka is enabled for Event Hubs Namespace. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maximumThroughputUnits` | int | `1` | | Upper limit of throughput units when AutoInflate is enabled, value should be within 0 to 20 throughput units. | -| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | The minimum TLS version for the cluster to support. | -| `networkRuleSets` | object | `{object}` | | Configure networking options. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled, SecuredByPerimeter]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `requireInfrastructureEncryption` | bool | `False` | | Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuCapacity` | int | `1` | | The Event Hub's throughput units for Basic or Standard tiers, where value should be 0 to 20 throughput units. The Event Hubs premium units for Premium tier, where value should be 0 to 10 premium units. | -| `skuName` | string | `'Standard'` | `[Basic, Premium, Standard]` | event hub plan SKU name. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `zoneRedundant` | bool | `False` | | Switch to make the Event Hub Namespace zone redundant. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) +- [Pe](#example-4-pe) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the eventspace. | -| `resourceGroupName` | string | The resource group where the namespace is deployed. | -| `resourceId` | string | The resource ID of the eventspace. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
- -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module namespace './event-hub/namespace/main.bicep' = { +module namespace 'br:bicep/modules/event-hub.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ehncom' params: { // Required parameters @@ -491,14 +430,14 @@ module namespace './event-hub/namespace/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module namespace './event-hub/namespace/main.bicep' = { +module namespace 'br:bicep/modules/event-hub.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ehnenc' params: { // Required parameters @@ -584,14 +523,17 @@ module namespace './event-hub/namespace/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module namespace './event-hub/namespace/main.bicep' = { +module namespace 'br:bicep/modules/event-hub.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ehnmin' params: { // Required parameters @@ -629,14 +571,14 @@ module namespace './event-hub/namespace/main.bicep' = {

-

Example 4: Pe

+### Example 4: _Pe_
via Bicep module ```bicep -module namespace './event-hub/namespace/main.bicep' = { +module namespace 'br:bicep/modules/event-hub.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ehnpe' params: { // Required parameters @@ -731,3 +673,317 @@ module namespace './event-hub/namespace/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the event hub namespace. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the Event Hub namespace. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. Customer-managed key encryption at rest is only available for namespaces of premium SKU or namespaces created in a Dedicated Cluster. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. 
"allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | This property disables SAS authentication for the Event Hubs namespace. | +| [`disasterRecoveryConfig`](#parameter-disasterrecoveryconfig) | object | The disaster recovery config for this namespace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventhubs`](#parameter-eventhubs) | array | The event hubs to deploy into this namespace. | +| [`isAutoInflateEnabled`](#parameter-isautoinflateenabled) | bool | Switch to enable the Auto Inflate feature of Event Hub. Auto Inflate is not supported in Premium SKU EventHub. | +| [`kafkaEnabled`](#parameter-kafkaenabled) | bool | Value that indicates whether Kafka is enabled for Event Hubs Namespace. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maximumThroughputUnits`](#parameter-maximumthroughputunits) | int | Upper limit of throughput units when AutoInflate is enabled, value should be within 0 to 20 throughput units. | +| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | The minimum TLS version for the cluster to support. 
| +| [`networkRuleSets`](#parameter-networkrulesets) | object | Configure networking options. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`requireInfrastructureEncryption`](#parameter-requireinfrastructureencryption) | bool | Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuCapacity`](#parameter-skucapacity) | int | The Event Hub's throughput units for Basic or Standard tiers, where value should be 0 to 20 throughput units. The Event Hubs premium units for Premium tier, where value should be 0 to 10 premium units. | +| [`skuName`](#parameter-skuname) | string | event hub plan SKU name. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. 
| +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | Switch to make the Event Hub Namespace zone redundant. | + +### Parameter: `authorizationRules` + +Authorization Rules for the Event Hub namespace. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. Customer-managed key encryption at rest is only available for namespaces of premium SKU or namespaces created in a Dedicated Cluster. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. 
"allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ApplicationMetricsLogs, ArchiveLogs, AutoScaleLogs, CustomerManagedKeyUserLogs, EventHubVNetConnectionEvent, KafkaCoordinatorLogs, KafkaUserErrorLogs, OperationalLogs, RuntimeAuditLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +This property disables SAS authentication for the Event Hubs namespace. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `disasterRecoveryConfig` + +The disaster recovery config for this namespace. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventhubs` + +The event hubs to deploy into this namespace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `isAutoInflateEnabled` + +Switch to enable the Auto Inflate feature of Event Hub. Auto Inflate is not supported in Premium SKU EventHub. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `kafkaEnabled` + +Value that indicates whether Kafka is enabled for Event Hubs Namespace. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maximumThroughputUnits` + +Upper limit of throughput units when AutoInflate is enabled, value should be within 0 to 20 throughput units. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `minimumTlsVersion` + +The minimum TLS version for the cluster to support. +- Required: No +- Type: string +- Default: `'1.2'` +- Allowed: `[1.0, 1.1, 1.2]` + +### Parameter: `name` + +The name of the event hub namespace. +- Required: Yes +- Type: string + +### Parameter: `networkRuleSets` + +Configure networking options. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled, SecuredByPerimeter]` + +### Parameter: `requireInfrastructureEncryption` + +Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuCapacity` + +The Event Hub's throughput units for Basic or Standard tiers, where value should be 0 to 20 throughput units. The Event Hubs premium units for Premium tier, where value should be 0 to 10 premium units. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `skuName` + +event hub plan SKU name. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Basic, Premium, Standard]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundant` + +Switch to make the Event Hub Namespace zone redundant. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the eventspace. | +| `resourceGroupName` | string | The resource group where the namespace is deployed. | +| `resourceId` | string | The resource ID of the eventspace. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. 
| + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/event-hub/namespace/authorization-rule/README.md b/modules/event-hub/namespace/authorization-rule/README.md index b9ccc45325..bbc74cf9cc 100644 --- a/modules/event-hub/namespace/authorization-rule/README.md +++ b/modules/event-hub/namespace/authorization-rule/README.md 
@@ -19,27 +19,54 @@ This module deploys an Event Hub Namespace Authorization Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the authorization rule. | +| [`name`](#parameter-name) | string | The name of the authorization rule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`rights`](#parameter-rights) | array | The rights associated with the rule. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the authorization rule. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `rights` + +The rights associated with the rule. 
+- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Listen, Manage, Send]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the authorization rule. | | `resourceGroupName` | string | The name of the resource group the authorization rule was created in. | diff --git a/modules/event-hub/namespace/disaster-recovery-config/README.md b/modules/event-hub/namespace/disaster-recovery-config/README.md index fdd92ebc09..d9ccac42a8 100644 --- a/modules/event-hub/namespace/disaster-recovery-config/README.md +++ b/modules/event-hub/namespace/disaster-recovery-config/README.md 
@@ -19,27 +19,53 @@ This module deploys an Event Hub Namespace Disaster Recovery Config. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the disaster recovery config. | +| [`name`](#parameter-name) | string | The name of the disaster recovery config. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `partnerNamespaceId` | string | `''` | Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`partnerNamespaceId`](#parameter-partnernamespaceid) | string | Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the disaster recovery config. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `partnerNamespaceId` + +Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the disaster recovery config. | | `resourceGroupName` | string | The name of the resource group the disaster recovery config was created in. | diff --git a/modules/event-hub/namespace/eventhub/README.md b/modules/event-hub/namespace/eventhub/README.md index de5de70349..006f14d3e3 100644 --- a/modules/event-hub/namespace/eventhub/README.md +++ b/modules/event-hub/namespace/eventhub/README.md @@ -4,12 +4,12 @@ This module deploys an Event Hub Namespace Event Hub. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -23,45 +23,201 @@ This module deploys an Event Hub Namespace Event Hub. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the event hub. | +| [`name`](#parameter-name) | string | The name of the event hub. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the event hub. | -| `captureDescriptionDestinationArchiveNameFormat` | string | `'{Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}'` | | Blob naming convention for archive, e.g. {Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}. Here all the parameters (Namespace,EventHub .. etc) are mandatory irrespective of order. | -| `captureDescriptionDestinationBlobContainer` | string | `''` | | Blob container Name. | -| `captureDescriptionDestinationName` | string | `'EventHubArchive.AzureBlockBlob'` | | Name for capture destination. | -| `captureDescriptionDestinationStorageAccountResourceId` | string | `''` | | Resource ID of the storage account to be used to create the blobs. | -| `captureDescriptionEnabled` | bool | `False` | | A value that indicates whether capture description is enabled. 
| -| `captureDescriptionEncoding` | string | `'Avro'` | `[Avro, AvroDeflate]` | Enumerates the possible values for the encoding format of capture description. Note: "AvroDeflate" will be deprecated in New API Version. | -| `captureDescriptionIntervalInSeconds` | int | `300` | | The time window allows you to set the frequency with which the capture to Azure Blobs will happen. | -| `captureDescriptionSizeLimitInBytes` | int | `314572800` | | The size window defines the amount of data built up in your Event Hub before an capture operation. | -| `captureDescriptionSkipEmptyArchives` | bool | `False` | | A value that indicates whether to Skip Empty Archives. | -| `consumergroups` | array | `[System.Management.Automation.OrderedHashtable]` | | The consumer groups to create in this event hub instance. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `messageRetentionInDays` | int | `1` | | Number of days to retain the events for this Event Hub, value should be 1 to 7 days. Will be automatically set to infinite retention if cleanup policy is set to "Compact". | -| `partitionCount` | int | `2` | | Number of partitions created for the Event Hub, allowed values are from 1 to 32 partitions. | -| `retentionDescriptionCleanupPolicy` | string | `'Delete'` | `[Compact, Delete]` | Retention cleanup policy. Enumerates the possible values for cleanup policy. | -| `retentionDescriptionRetentionTimeInHours` | int | `1` | | Retention time in hours. Number of hours to retain the events for this Event Hub. This value is only used when cleanupPolicy is Delete. If cleanupPolicy is Compact the returned value of this property is Long.MaxValue. | -| `retentionDescriptionTombstoneRetentionTimeInHours` | int | `1` | | Retention cleanup policy. Number of hours to retain the tombstone markers of a compacted Event Hub. 
This value is only used when cleanupPolicy is Compact. Consumer must complete reading the tombstone marker within this specified amount of time if consumer begins from starting offset to ensure they get a valid snapshot for the specific key described by the tombstone marker within the compacted Event Hub. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `status` | string | `'Active'` | `[Active, Creating, Deleting, Disabled, ReceiveDisabled, Renaming, Restoring, SendDisabled, Unknown]` | Enumerates the possible values for the status of the Event Hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the event hub. | +| [`captureDescriptionDestinationArchiveNameFormat`](#parameter-capturedescriptiondestinationarchivenameformat) | string | Blob naming convention for archive, e.g. {Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}. Here all the parameters (Namespace,EventHub .. etc) are mandatory irrespective of order. | +| [`captureDescriptionDestinationBlobContainer`](#parameter-capturedescriptiondestinationblobcontainer) | string | Blob container Name. | +| [`captureDescriptionDestinationName`](#parameter-capturedescriptiondestinationname) | string | Name for capture destination. | +| [`captureDescriptionDestinationStorageAccountResourceId`](#parameter-capturedescriptiondestinationstorageaccountresourceid) | string | Resource ID of the storage account to be used to create the blobs. 
| +| [`captureDescriptionEnabled`](#parameter-capturedescriptionenabled) | bool | A value that indicates whether capture description is enabled. | +| [`captureDescriptionEncoding`](#parameter-capturedescriptionencoding) | string | Enumerates the possible values for the encoding format of capture description. Note: "AvroDeflate" will be deprecated in New API Version. | +| [`captureDescriptionIntervalInSeconds`](#parameter-capturedescriptionintervalinseconds) | int | The time window allows you to set the frequency with which the capture to Azure Blobs will happen. | +| [`captureDescriptionSizeLimitInBytes`](#parameter-capturedescriptionsizelimitinbytes) | int | The size window defines the amount of data built up in your Event Hub before an capture operation. | +| [`captureDescriptionSkipEmptyArchives`](#parameter-capturedescriptionskipemptyarchives) | bool | A value that indicates whether to Skip Empty Archives. | +| [`consumergroups`](#parameter-consumergroups) | array | The consumer groups to create in this event hub instance. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`messageRetentionInDays`](#parameter-messageretentionindays) | int | Number of days to retain the events for this Event Hub, value should be 1 to 7 days. Will be automatically set to infinite retention if cleanup policy is set to "Compact". | +| [`partitionCount`](#parameter-partitioncount) | int | Number of partitions created for the Event Hub, allowed values are from 1 to 32 partitions. | +| [`retentionDescriptionCleanupPolicy`](#parameter-retentiondescriptioncleanuppolicy) | string | Retention cleanup policy. Enumerates the possible values for cleanup policy. | +| [`retentionDescriptionRetentionTimeInHours`](#parameter-retentiondescriptionretentiontimeinhours) | int | Retention time in hours. 
Number of hours to retain the events for this Event Hub. This value is only used when cleanupPolicy is Delete. If cleanupPolicy is Compact the returned value of this property is Long.MaxValue. | +| [`retentionDescriptionTombstoneRetentionTimeInHours`](#parameter-retentiondescriptiontombstoneretentiontimeinhours) | int | Retention cleanup policy. Number of hours to retain the tombstone markers of a compacted Event Hub. This value is only used when cleanupPolicy is Compact. Consumer must complete reading the tombstone marker within this specified amount of time if consumer begins from starting offset to ensure they get a valid snapshot for the specific key described by the tombstone marker within the compacted Event Hub. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`status`](#parameter-status) | string | Enumerates the possible values for the status of the Event Hub. | + +### Parameter: `authorizationRules` + +Authorization Rules for the event hub. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `captureDescriptionDestinationArchiveNameFormat` + +Blob naming convention for archive, e.g. {Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}. Here all the parameters (Namespace,EventHub .. etc) are mandatory irrespective of order. +- Required: No +- Type: string +- Default: `'{Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}'` + +### Parameter: `captureDescriptionDestinationBlobContainer` + +Blob container Name. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `captureDescriptionDestinationName` + +Name for capture destination. +- Required: No +- Type: string +- Default: `'EventHubArchive.AzureBlockBlob'` + +### Parameter: `captureDescriptionDestinationStorageAccountResourceId` + +Resource ID of the storage account to be used to create the blobs. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `captureDescriptionEnabled` + +A value that indicates whether capture description is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `captureDescriptionEncoding` + +Enumerates the possible values for the encoding format of capture description. Note: "AvroDeflate" will be deprecated in New API Version. +- Required: No +- Type: string +- Default: `'Avro'` +- Allowed: `[Avro, AvroDeflate]` + +### Parameter: `captureDescriptionIntervalInSeconds` + +The time window allows you to set the frequency with which the capture to Azure Blobs will happen. +- Required: No +- Type: int +- Default: `300` + +### Parameter: `captureDescriptionSizeLimitInBytes` + +The size window defines the amount of data built up in your Event Hub before an capture operation. +- Required: No +- Type: int +- Default: `314572800` + +### Parameter: `captureDescriptionSkipEmptyArchives` + +A value that indicates whether to Skip Empty Archives. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `consumergroups` + +The consumer groups to create in this event hub instance. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `messageRetentionInDays` + +Number of days to retain the events for this Event Hub, value should be 1 to 7 days. Will be automatically set to infinite retention if cleanup policy is set to "Compact". +- Required: No +- Type: int +- Default: `1` + +### Parameter: `name` + +The name of the event hub. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `partitionCount` + +Number of partitions created for the Event Hub, allowed values are from 1 to 32 partitions. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `retentionDescriptionCleanupPolicy` + +Retention cleanup policy. Enumerates the possible values for cleanup policy. +- Required: No +- Type: string +- Default: `'Delete'` +- Allowed: `[Compact, Delete]` + +### Parameter: `retentionDescriptionRetentionTimeInHours` + +Retention time in hours. Number of hours to retain the events for this Event Hub. This value is only used when cleanupPolicy is Delete. If cleanupPolicy is Compact the returned value of this property is Long.MaxValue. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `retentionDescriptionTombstoneRetentionTimeInHours` + +Retention cleanup policy. Number of hours to retain the tombstone markers of a compacted Event Hub. This value is only used when cleanupPolicy is Compact. Consumer must complete reading the tombstone marker within this specified amount of time if consumer begins from starting offset to ensure they get a valid snapshot for the specific key described by the tombstone marker within the compacted Event Hub. 
+- Required: No +- Type: int +- Default: `1` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `status` + +Enumerates the possible values for the status of the Event Hub. +- Required: No +- Type: string +- Default: `'Active'` +- Allowed: `[Active, Creating, Deleting, Disabled, ReceiveDisabled, Renaming, Restoring, SendDisabled, Unknown]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `eventHubId` | string | The resource ID of the event hub. | | `name` | string | The name of the event hub. | diff --git a/modules/event-hub/namespace/eventhub/authorization-rule/README.md b/modules/event-hub/namespace/eventhub/authorization-rule/README.md index eef9d6b375..5abe5dafa8 100644 --- a/modules/event-hub/namespace/eventhub/authorization-rule/README.md +++ b/modules/event-hub/namespace/eventhub/authorization-rule/README.md 
@@ -19,28 +19,61 @@ This module deploys an Event Hub Namespace Event Hub Authorization Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the authorization rule. | +| [`name`](#parameter-name) | string | The name of the authorization rule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `eventHubName` | string | The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. | -| `namespaceName` | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | +| [`eventHubName`](#parameter-eventhubname) | string | The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`rights`](#parameter-rights) | array | The rights associated with the rule. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventHubName` + +The name of the parent event hub namespace event hub. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the authorization rule. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `rights` + +The rights associated with the rule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Listen, Manage, Send]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the authorization rule. | | `resourceGroupName` | string | The name of the resource group the authorization rule was created in. | diff --git a/modules/event-hub/namespace/eventhub/consumergroup/README.md b/modules/event-hub/namespace/eventhub/consumergroup/README.md index 4749095254..589b4fa044 100644 --- a/modules/event-hub/namespace/eventhub/consumergroup/README.md +++ b/modules/event-hub/namespace/eventhub/consumergroup/README.md 
@@ -19,28 +19,60 @@ This module deploys an Event Hub Namespace Event Hub Consumer Group. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the consumer group. | +| [`name`](#parameter-name) | string | The name of the consumer group. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `eventHubName` | string | The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. | -| `namespaceName` | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment.s. | +| [`eventHubName`](#parameter-eventhubname) | string | The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment.s. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `userMetadata` | string | `''` | User Metadata is a placeholder to store user-defined string data with maximum length 1024. e.g. it can be used to store descriptive data, such as list of teams and their contact information also user-defined configuration settings can be stored. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`userMetadata`](#parameter-usermetadata) | string | User Metadata is a placeholder to store user-defined string data with maximum length 1024. e.g. 
it can be used to store descriptive data, such as list of teams and their contact information also user-defined configuration settings can be stored. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventHubName` + +The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the consumer group. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment.s. +- Required: Yes +- Type: string + +### Parameter: `userMetadata` + +User Metadata is a placeholder to store user-defined string data with maximum length 1024. e.g. it can be used to store descriptive data, such as list of teams and their contact information also user-defined configuration settings can be stored. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the consumer group. | | `resourceGroupName` | string | The name of the resource group the consumer group was created in. | diff --git a/modules/event-hub/namespace/network-rule-set/README.md b/modules/event-hub/namespace/network-rule-set/README.md index 4d10778ca7..a0ac082d1c 100644 --- a/modules/event-hub/namespace/network-rule-set/README.md +++ b/modules/event-hub/namespace/network-rule-set/README.md 
@@ -19,25 +19,75 @@ This module deploys an Event Hub Namespace Network Rule Set. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `defaultAction` | string | `'Allow'` | `[Allow, Deny]` | Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ipRules` | array | `[]` | | An array of objects for the public IP ranges you want to allow via the Event Hub Namespace firewall. Supports IPv4 address or CIDR. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | -| `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. | -| `trustedServiceAccessEnabled` | bool | `True` | | Value that indicates whether Trusted Service Access is enabled or not. Default is "true". It will not be set if publicNetworkAccess is "Disabled". | -| `virtualNetworkRules` | array | `[]` | | An array of subnet resource ID objects that this Event Hub Namespace is exposed to via Service Endpoints. 
You can enable the `ignoreMissingVnetServiceEndpoint` if you wish to add this virtual network to Event Hub Namespace but do not have an existing service endpoint. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`defaultAction`](#parameter-defaultaction) | string | Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ipRules`](#parameter-iprules) | array | An array of objects for the public IP ranges you want to allow via the Event Hub Namespace firewall. Supports IPv4 address or CIDR. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. | +| [`trustedServiceAccessEnabled`](#parameter-trustedserviceaccessenabled) | bool | Value that indicates whether Trusted Service Access is enabled or not. Default is "true". It will not be set if publicNetworkAccess is "Disabled". | +| [`virtualNetworkRules`](#parameter-virtualnetworkrules) | array | An array of subnet resource ID objects that this Event Hub Namespace is exposed to via Service Endpoints. You can enable the `ignoreMissingVnetServiceEndpoint` if you wish to add this virtual network to Event Hub Namespace but do not have an existing service endpoint. It will not be set if publicNetworkAccess is "Disabled". 
Otherwise, when used, defaultAction will be set to "Deny". | + +### Parameter: `defaultAction` + +Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. +- Required: No +- Type: string +- Default: `'Allow'` +- Allowed: `[Allow, Deny]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ipRules` + +An array of objects for the public IP ranges you want to allow via the Event Hub Namespace firewall. Supports IPv4 address or CIDR. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccess` + +This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `trustedServiceAccessEnabled` + +Value that indicates whether Trusted Service Access is enabled or not. Default is "true". It will not be set if publicNetworkAccess is "Disabled". +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `virtualNetworkRules` + +An array of subnet resource ID objects that this Event Hub Namespace is exposed to via Service Endpoints. You can enable the `ignoreMissingVnetServiceEndpoint` if you wish to add this virtual network to Event Hub Namespace but do not have an existing service endpoint. It will not be set if publicNetworkAccess is "Disabled". 
Otherwise, when used, defaultAction will be set to "Deny". +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the network rule set. | | `resourceGroupName` | string | The name of the resource group the network rule set was created in. | diff --git a/modules/health-bot/health-bot/.test/common/main.test.bicep b/modules/health-bot/health-bot/.test/common/main.test.bicep index 7ec0798687..25523eb3d0 100644 --- a/modules/health-bot/health-bot/.test/common/main.test.bicep +++ b/modules/health-bot/health-bot/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/health-bot/health-bot/.test/min/main.test.bicep b/modules/health-bot/health-bot/.test/min/main.test.bicep index 7810dc31de..6c9996b611 100644 --- a/modules/health-bot/health-bot/.test/min/main.test.bicep +++ b/modules/health-bot/health-bot/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/health-bot/health-bot/README.md b/modules/health-bot/health-bot/README.md index f56a72df16..fe8b3adee4 100644 --- a/modules/health-bot/health-bot/README.md +++ b/modules/health-bot/health-bot/README.md @@ -5,10 +5,10 @@ This module deploys an Azure Health Bot. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
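Review bot: in the Event Hub Namespace Network Rule Set README hunk (`@@ -19,25 +19,75 @@`), the generated `### Parameter: namespaceName` block states `- Required: Yes`, while the same parameter sits under **Conditional parameters** with the description "Required if the template is used in a standalone deployment". The detail block now contradicts the overview table for anyone who follows the new `#parameter-namespacename` link. The generator should carry the category through, for example by emitting the condition in place of a bare "Yes", so that conditional parameters are not rendered as unconditionally required. The dicomservice README later in this patch shows the same pattern for `workspaceName`, so the fix belongs in the utility rather than in the individual ReadMe files.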
@@ -18,55 +18,28 @@ This module deploys an Azure Health Bot. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.HealthBot/healthBots` | [2022-08-08](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HealthBot/2022-08-08/healthBots) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | Name of the resource. | -| `sku` | string | `[C0, F0, S1]` | The name of the Azure Health Bot SKU. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the health bot. | -| `resourceGroupName` | string | The resource group the health bot was deployed into. | -| `resourceId` | string | The resource ID of the health bot. 
| +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/health-bot.health-bot:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module healthBot './health-bot/health-bot/main.bicep' = { +module healthBot 'br:bicep/modules/health-bot.health-bot:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-hbhbcom' params: { // Required parameters @@ -152,14 +125,17 @@ module healthBot './health-bot/health-bot/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module healthBot './health-bot/health-bot/main.bicep' = { +module healthBot 'br:bicep/modules/health-bot.health-bot:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-hbhbmin' params: { // Required parameters @@ -200,3 +176,94 @@ module healthBot './health-bot/health-bot/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the resource. | +| [`sku`](#parameter-sku) | string | The name of the Azure Health Bot SKU. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the resource. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The name of the Azure Health Bot SKU. +- Required: Yes +- Type: string +- Allowed: `[C0, F0, S1]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the health bot. | +| `resourceGroupName` | string | The resource group the health bot was deployed into. | +| `resourceId` | string | The resource ID of the health bot. | + +## Cross-referenced modules + +_None_ diff --git a/modules/health-bot/health-bot/main.json b/modules/health-bot/health-bot/main.json index 1b2888ef2a..517c93ef00 100644 --- a/modules/health-bot/health-bot/main.json +++ b/modules/health-bot/health-bot/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13417269663268591312" + "version": "0.22.6.54827", + "templateHash": "1397739701759067802" }, "name": "Azure Health Bots", "description": "This module deploys an Azure Health Bot.", @@ -156,8 +156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9746468105018607304" + "version": "0.22.6.54827", + "templateHash": "4105513755228551985" } }, "parameters": { diff --git a/modules/healthcare-apis/workspace/.test/common/main.test.bicep b/modules/healthcare-apis/workspace/.test/common/main.test.bicep index 2baa190bdb..e64ff1eea7 100644 
--- a/modules/healthcare-apis/workspace/.test/common/main.test.bicep +++ b/modules/healthcare-apis/workspace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/healthcare-apis/workspace/.test/min/main.test.bicep b/modules/healthcare-apis/workspace/.test/min/main.test.bicep index 6399106a53..95061177c5 100644 --- a/modules/healthcare-apis/workspace/.test/min/main.test.bicep +++ b/modules/healthcare-apis/workspace/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/healthcare-apis/workspace/README.md b/modules/healthcare-apis/workspace/README.md index 8e99abc232..075bb5dbba 100644 --- a/modules/healthcare-apis/workspace/README.md +++ b/modules/healthcare-apis/workspace/README.md @@ -5,10 +5,10 @@ This module deploys a Healthcare API Workspace. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
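Review bot: the note added to the health-bot README ("To reference the module, please use the following syntax `br:bicep/modules/health-bot.health-bot:1.0.0`") and both rewritten examples present that string as copy-ready, but in the `br:<registry>/<path>:<tag>` form the first segment is the registry host and `1.0.0` is a fixed tag. As written, `bicep` and the version read as placeholders that a consumer has to replace, and the previous relative path `./health-bot/health-bot/main.bicep` was the only reference that resolved inside the repository. Please have the generated note say that the registry name and version must be substituted, and pin the tag to a version the consumer has reviewed. If the version is meant to track the module, derive it from the module's own version source instead of a literal, since the same `1.0.0` also appears in the healthcare-apis workspace README in this patch.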
@@ -24,155 +24,28 @@ This module deploys a Healthcare API Workspace. | `Microsoft.HealthcareApis/workspaces/iotconnectors/fhirdestinations` | [2022-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HealthcareApis/workspaces) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Health Data Services Workspace service. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `dicomservices` | array | `[]` | | Deploy DICOM services. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `fhirservices` | array | `[]` | | Deploy FHIR services. | -| `iotconnectors` | array | `[]` | | Deploy IOT connectors. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicNetworkAccess` | string | `'Disabled'` | `[Disabled, Enabled]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `fhirservices` - -Create a FHIR service with the workspace. - -

- -Parameter JSON format - -```json -"fhirServices": { - "value": [ - { - "name": "[[namePrefix]]-az-fhir-x-001", - "kind": "fhir-R4", - "workspaceName": "[[namePrefix]]001", - "corsOrigins": [ "*" ], - "corsHeaders": [ "*" ], - "corsMethods": [ "GET" ], - "corsMaxAge": 600, - "corsAllowCredentials": false, - "location": "[[location]]", - "diagnosticStorageAccountId": "[[storageAccountResourceId]]", - "diagnosticWorkspaceId": "[[logAnalyticsWorkspaceResourceId]]", - "diagnosticEventHubAuthorizationRuleId": "[[eventHubAuthorizationRuleId]]", - "diagnosticEventHubName": "[[eventHubNamespaceEventHubName]]", - "publicNetworkAccess": "Enabled", - "resourceVersionPolicy": "versioned", - "smartProxyEnabled": false, - "enableDefaultTelemetry": false, - "systemAssignedIdentity": true, - "importEnabled": false, - "initialImportMode": false, - "userAssignedIdentities": { - "[[managedIdentityResourceId]]": {} - }, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Role Name", - "principalIds": [ - "managedIdentityPrincipalId" - ], - "principalType": "ServicePrincipal" - } - ] - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -fhirServices: [ - { - name: '[[namePrefix]]-az-fhir-x-001' - kind: 'fhir-R4' - workspaceName: '[[namePrefix]]001' - corsOrigins: [ '*' ] - corsHeaders: [ '*' ] - corsMethods: [ 'GET' ] - corsMaxAge: 600 - corsAllowCredentials: false - location: location - diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId - diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId - diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId - diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - publicNetworkAccess: 'Enabled' - resourceVersionPolicy: 'versioned' - smartProxyEnabled: false - enableDefaultTelemetry: enableDefaultTelemetry - systemAssignedIdentity: true - importEnabled: false - initialImportMode: false - userAssignedIdentities: { - '${resourceGroupResources.outputs.managedIdentityResourceId}': {} - } - roleAssignments: [ - { - roleDefinitionIdOrName: resourceId('Microsoft.Authorization/roleDefinitions', '5a1fc7df-4bf1-4951-a576-89034ee01acd') - principalIds: [ - resourceGroupResources.outputs.managedIdentityPrincipalId - ] - principalType: 'ServicePrincipal' - } - ] - } -] -``` - -
-

- - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the health data services workspace. | -| `resourceGroupName` | string | The resource group where the workspace is deployed. | -| `resourceId` | string | The resource ID of the health data services workspace. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/healthcare-apis.workspace:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module workspace './healthcare-apis/workspace/main.bicep' = { +module workspace 'br:bicep/modules/healthcare-apis.workspace:1.0.0' = { name: '${uniqueString(deployment().name)}-test-hawcom' params: { // Required parameters @@ -378,14 +251,17 @@ module workspace './healthcare-apis/workspace/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module workspace './healthcare-apis/workspace/main.bicep' = { +module workspace 'br:bicep/modules/healthcare-apis.workspace:1.0.0' = { name: '${uniqueString(deployment().name)}-test-hawmin' params: { // Required parameters @@ -432,6 +308,113 @@ module workspace './healthcare-apis/workspace/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Health Data Services Workspace service. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`dicomservices`](#parameter-dicomservices) | array | Deploy DICOM services. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`fhirservices`](#parameter-fhirservices) | array | Deploy FHIR services. | +| [`iotconnectors`](#parameter-iotconnectors) | array | Deploy IOT connectors. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `dicomservices` + +Deploy DICOM services. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `fhirservices` + +Deploy FHIR services. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `iotconnectors` + +Deploy IOT connectors. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Health Data Services Workspace service. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccess` + +Control permission for data plane traffic coming from public networks while private endpoint is enabled. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the health data services workspace. | +| `resourceGroupName` | string | The resource group where the workspace is deployed. | +| `resourceId` | string | The resource ID of the health data services workspace. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `iotconnectors` diff --git a/modules/healthcare-apis/workspace/dicomservice/README.md b/modules/healthcare-apis/workspace/dicomservice/README.md index f335d27de0..4fa8abe468 100644 --- a/modules/healthcare-apis/workspace/dicomservice/README.md 
+++ b/modules/healthcare-apis/workspace/dicomservice/README.md 
@@ -21,43 +21,185 @@ This module deploys a Healthcare API Workspace DICOM Service. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the DICOM service. | +| [`name`](#parameter-name) | string | The name of the DICOM service. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `workspaceName` | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | +| [`workspaceName`](#parameter-workspacename) | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `corsAllowCredentials` | bool | `False` | | Use this setting to indicate that cookies should be included in CORS requests. | -| `corsHeaders` | array | `[]` | | Specify HTTP headers which can be used during the request. Use "*" for any header. | -| `corsMaxAge` | int | `-1` | | Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. | -| `corsMethods` | array | `[]` | `[DELETE, GET, OPTIONS, PATCH, POST, PUT]` | Specify the allowed HTTP methods. | -| `corsOrigins` | array | `[]` | | Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| -| `diagnosticLogCategoriesToEnable` | array | `[AuditLogs]` | `[AuditLogs]` | The name of logs that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicNetworkAccess` | string | `'Disabled'` | `[Disabled, Enabled]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`corsAllowCredentials`](#parameter-corsallowcredentials) | bool | Use this setting to indicate that cookies should be included in CORS requests. | +| [`corsHeaders`](#parameter-corsheaders) | array | Specify HTTP headers which can be used during the request. Use "*" for any header. | +| [`corsMaxAge`](#parameter-corsmaxage) | int | Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. | +| [`corsMethods`](#parameter-corsmethods) | array | Specify the allowed HTTP methods. | +| [`corsOrigins`](#parameter-corsorigins) | array | Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. 
| +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `corsAllowCredentials` + +Use this setting to indicate that cookies should be included in CORS requests. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `corsHeaders` + +Specify HTTP headers which can be used during the request. Use "*" for any header. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `corsMaxAge` + +Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `corsMethods` + +Specify the allowed HTTP methods. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[DELETE, GET, OPTIONS, PATCH, POST, PUT]` + +### Parameter: `corsOrigins` + +Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. +- Required: No +- Type: array +- Default: `[AuditLogs]` +- Allowed: `[AuditLogs]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the DICOM service. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccess` + +Control permission for data plane traffic coming from public networks while private endpoint is enabled. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workspaceName` + +The name of the parent health data services workspace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the dicom service. | diff --git a/modules/healthcare-apis/workspace/dicomservice/main.json b/modules/healthcare-apis/workspace/dicomservice/main.json index e9d301126e..bd72aa17df 100644 --- a/modules/healthcare-apis/workspace/dicomservice/main.json +++ b/modules/healthcare-apis/workspace/dicomservice/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13236257936604632093" + "version": "0.22.6.54827", + "templateHash": "12318721261811271092" }, "name": "Healthcare API Workspace DICOM Services", "description": "This module deploys a Healthcare API Workspace DICOM Service.", diff --git a/modules/healthcare-apis/workspace/fhirservice/README.md b/modules/healthcare-apis/workspace/fhirservice/README.md index a4b3d407cf..710e6b336b 100644 --- a/modules/healthcare-apis/workspace/fhirservice/README.md +++ b/modules/healthcare-apis/workspace/fhirservice/README.md 
@@ -23,58 +23,308 @@ This module deploys a Healthcare API Workspace FHIR Service. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the FHIR service. | +| [`name`](#parameter-name) | string | The name of the FHIR service. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `workspaceName` | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | +| [`workspaceName`](#parameter-workspacename) | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `accessPolicyObjectIds` | array | `[]` | | List of Azure AD object IDs (User or Apps) that is allowed access to the FHIR service. | -| `acrLoginServers` | array | `[]` | | The list of the Azure container registry login servers. | -| `acrOciArtifacts` | array | `[]` | | The list of Open Container Initiative (OCI) artifacts. | -| `authenticationAudience` | string | `[format('https://{0}-{1}.fhir.azurehealthcareapis.com', parameters('workspaceName'), parameters('name'))]` | | The audience url for the service. | -| `authenticationAuthority` | string | `[uri(environment().authentication.loginEndpoint, subscription().tenantId)]` | | The authority url for the service. | -| `corsAllowCredentials` | bool | `False` | | Use this setting to indicate that cookies should be included in CORS requests. | -| `corsHeaders` | array | `[]` | | Specify HTTP headers which can be used during the request. Use "*" for any header. | -| `corsMaxAge` | int | `-1` | | Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. 
| -| `corsMethods` | array | `[]` | `[DELETE, GET, OPTIONS, PATCH, POST, PUT]` | Specify the allowed HTTP methods. | -| `corsOrigins` | array | `[]` | | Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[AuditLogs]` | `[AuditLogs]` | The name of logs that will be streamed. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `exportStorageAccountName` | string | `''` | | The name of the default export storage account. | -| `importEnabled` | bool | `False` | | If the import operation is enabled. | -| `importStorageAccountName` | string | `''` | | The name of the default integration storage account. | -| `initialImportMode` | bool | `False` | | If the FHIR service is in InitialImportMode. | -| `kind` | string | `'fhir-R4'` | `[fhir-R4, fhir-Stu3]` | The kind of the service. Defaults to R4. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. 
| -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicNetworkAccess` | string | `'Disabled'` | `[Disabled, Enabled]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | -| `resourceVersionOverrides` | object | `{object}` | | A list of FHIR Resources and their version policy overrides. | -| `resourceVersionPolicy` | string | `'versioned'` | `[no-version, versioned, versioned-update]` | The default value for tracking history across all resources. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `smartProxyEnabled` | bool | `False` | | If the SMART on FHIR proxy is enabled. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`accessPolicyObjectIds`](#parameter-accesspolicyobjectids) | array | List of Azure AD object IDs (User or Apps) that is allowed access to the FHIR service. | +| [`acrLoginServers`](#parameter-acrloginservers) | array | The list of the Azure container registry login servers. | +| [`acrOciArtifacts`](#parameter-acrociartifacts) | array | The list of Open Container Initiative (OCI) artifacts. | +| [`authenticationAudience`](#parameter-authenticationaudience) | string | The audience url for the service. 
| +| [`authenticationAuthority`](#parameter-authenticationauthority) | string | The authority url for the service. | +| [`corsAllowCredentials`](#parameter-corsallowcredentials) | bool | Use this setting to indicate that cookies should be included in CORS requests. | +| [`corsHeaders`](#parameter-corsheaders) | array | Specify HTTP headers which can be used during the request. Use "*" for any header. | +| [`corsMaxAge`](#parameter-corsmaxage) | int | Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. | +| [`corsMethods`](#parameter-corsmethods) | array | Specify the allowed HTTP methods. | +| [`corsOrigins`](#parameter-corsorigins) | array | Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`exportStorageAccountName`](#parameter-exportstorageaccountname) | string | The name of the default export storage account. | +| [`importEnabled`](#parameter-importenabled) | bool | If the import operation is enabled. | +| [`importStorageAccountName`](#parameter-importstorageaccountname) | string | The name of the default integration storage account. | +| [`initialImportMode`](#parameter-initialimportmode) | bool | If the FHIR service is in InitialImportMode. | +| [`kind`](#parameter-kind) | string | The kind of the service. Defaults to R4. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | +| [`resourceVersionOverrides`](#parameter-resourceversionoverrides) | object | A list of FHIR Resources and their version policy overrides. | +| [`resourceVersionPolicy`](#parameter-resourceversionpolicy) | string | The default value for tracking history across all resources. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`smartProxyEnabled`](#parameter-smartproxyenabled) | bool | If the SMART on FHIR proxy is enabled. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. 
| +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `accessPolicyObjectIds` + +List of Azure AD object IDs (User or Apps) that is allowed access to the FHIR service. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `acrLoginServers` + +The list of the Azure container registry login servers. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `acrOciArtifacts` + +The list of Open Container Initiative (OCI) artifacts. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `authenticationAudience` + +The audience url for the service. +- Required: No +- Type: string +- Default: `[format('https://{0}-{1}.fhir.azurehealthcareapis.com', parameters('workspaceName'), parameters('name'))]` + +### Parameter: `authenticationAuthority` + +The authority url for the service. +- Required: No +- Type: string +- Default: `[uri(environment().authentication.loginEndpoint, subscription().tenantId)]` + +### Parameter: `corsAllowCredentials` + +Use this setting to indicate that cookies should be included in CORS requests. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `corsHeaders` + +Specify HTTP headers which can be used during the request. Use "*" for any header. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `corsMaxAge` + +Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `corsMethods` + +Specify the allowed HTTP methods. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[DELETE, GET, OPTIONS, PATCH, POST, PUT]` + +### Parameter: `corsOrigins` + +Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. +- Required: No +- Type: array +- Default: `[AuditLogs]` +- Allowed: `[AuditLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exportStorageAccountName` + +The name of the default export storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `importEnabled` + +If the import operation is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `importStorageAccountName` + +The name of the default integration storage account. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `initialImportMode` + +If the FHIR service is in InitialImportMode. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `kind` + +The kind of the service. Defaults to R4. +- Required: No +- Type: string +- Default: `'fhir-R4'` +- Allowed: `[fhir-R4, fhir-Stu3]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the FHIR service. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccess` + +Control permission for data plane traffic coming from public networks while private endpoint is enabled. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `resourceVersionOverrides` + +A list of FHIR Resources and their version policy overrides. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `resourceVersionPolicy` + +The default value for tracking history across all resources. +- Required: No +- Type: string +- Default: `'versioned'` +- Allowed: `[no-version, versioned, versioned-update]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `smartProxyEnabled` + +If the SMART on FHIR proxy is enabled. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workspaceName` + +The name of the parent health data services workspace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the fhir service. | diff --git a/modules/healthcare-apis/workspace/fhirservice/main.json b/modules/healthcare-apis/workspace/fhirservice/main.json index 33998d37da..96a6c13806 100644 --- a/modules/healthcare-apis/workspace/fhirservice/main.json +++ b/modules/healthcare-apis/workspace/fhirservice/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3716031618750035294" + "version": "0.22.6.54827", + "templateHash": "11687946305671678451" }, "name": "Healthcare API Workspace FHIR Services", "description": "This module deploys a Healthcare API Workspace FHIR Service.", @@ -446,8 +446,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13975136606830731755" + "version": "0.22.6.54827", + "templateHash": "13260238293612966350" } }, "parameters": { diff --git a/modules/healthcare-apis/workspace/iotconnector/README.md b/modules/healthcare-apis/workspace/iotconnector/README.md index e23cdfb648..d250583016 100644 --- a/modules/healthcare-apis/workspace/iotconnector/README.md +++ b/modules/healthcare-apis/workspace/iotconnector/README.md 
@@ -23,43 +23,182 @@ This module deploys a Healthcare API Workspace IoT Connector. **Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `deviceMapping` | object | `{object}` | The mapping JSON that determines how incoming device data is normalized. | -| `eventHubName` | string | | Event Hub name to connect to. | -| `eventHubNamespaceName` | string | | Namespace of the Event Hub to connect to. | -| `name` | string | | The name of the MedTech service. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`deviceMapping`](#parameter-devicemapping) | object | The mapping JSON that determines how incoming device data is normalized. | +| [`eventHubName`](#parameter-eventhubname) | string | Event Hub name to connect to. | +| [`eventHubNamespaceName`](#parameter-eventhubnamespacename) | string | Namespace of the Event Hub to connect to. | +| [`name`](#parameter-name) | string | The name of the MedTech service. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `workspaceName` | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | +| [`workspaceName`](#parameter-workspacename) | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `consumerGroup` | string | `[parameters('name')]` | | Consumer group of the event hub to connected to. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[DiagnosticLogs]` | `[DiagnosticLogs]` | The name of logs that will be streamed. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `fhirdestination` | _[fhirdestination](fhirdestination/README.md)_ object | `{object}` | | FHIR Destination. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`consumerGroup`](#parameter-consumergroup) | string | Consumer group of the event hub to connected to. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`fhirdestination`](#parameter-fhirdestination) | object | FHIR Destination. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `consumerGroup` + +Consumer group of the event hub to connected to. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `deviceMapping` + +The mapping JSON that determines how incoming device data is normalized. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. +- Required: No +- Type: array +- Default: `[DiagnosticLogs]` +- Allowed: `[DiagnosticLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventHubName` + +Event Hub name to connect to. +- Required: Yes +- Type: string + +### Parameter: `eventHubNamespaceName` + +Namespace of the Event Hub to connect to. +- Required: Yes +- Type: string + +### Parameter: `fhirdestination` + +FHIR Destination. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the MedTech service. +- Required: Yes +- Type: string + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workspaceName` + +The name of the parent health data services workspace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the medtech service. | diff --git a/modules/healthcare-apis/workspace/iotconnector/fhirdestination/README.md b/modules/healthcare-apis/workspace/iotconnector/fhirdestination/README.md index 9a81a65c63..16df71b996 100644 --- a/modules/healthcare-apis/workspace/iotconnector/fhirdestination/README.md +++ b/modules/healthcare-apis/workspace/iotconnector/fhirdestination/README.md 
@@ -20,31 +20,84 @@ This module deploys a Healthcare API Workspace IoT Connector FHIR Destination. **Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `destinationMapping` | object | `{object}` | The mapping JSON that determines how normalized data is converted to FHIR Observations. | -| `fhirServiceResourceId` | string | | The resource identifier of the FHIR Service to connect to. | -| `name` | string | | The name of the FHIR destination. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`destinationMapping`](#parameter-destinationmapping) | object | The mapping JSON that determines how normalized data is converted to FHIR Observations. | +| [`fhirServiceResourceId`](#parameter-fhirserviceresourceid) | string | The resource identifier of the FHIR Service to connect to. | +| [`name`](#parameter-name) | string | The name of the FHIR destination. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `iotConnectorName` | string | The name of the MedTech service to add this destination to. Required if the template is used in a standalone deployment. | -| `workspaceName` | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | +| [`iotConnectorName`](#parameter-iotconnectorname) | string | The name of the MedTech service to add this destination to. Required if the template is used in a standalone deployment. | +| [`workspaceName`](#parameter-workspacename) | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). 
| -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `resourceIdentityResolutionType` | string | `'Lookup'` | `[Create, Lookup]` | Determines how resource identity is resolved on the destination. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`resourceIdentityResolutionType`](#parameter-resourceidentityresolutiontype) | string | Determines how resource identity is resolved on the destination. | + +### Parameter: `destinationMapping` + +The mapping JSON that determines how normalized data is converted to FHIR Observations. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `fhirServiceResourceId` + +The resource identifier of the FHIR Service to connect to. +- Required: Yes +- Type: string + +### Parameter: `iotConnectorName` + +The name of the MedTech service to add this destination to. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the FHIR destination. +- Required: Yes +- Type: string + +### Parameter: `resourceIdentityResolutionType` + +Determines how resource identity is resolved on the destination. +- Required: No +- Type: string +- Default: `'Lookup'` +- Allowed: `[Create, Lookup]` + +### Parameter: `workspaceName` + +The name of the parent health data services workspace. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `iotConnectorName` | string | The name of the medtech service. | | `location` | string | The location the resource was deployed into. | diff --git a/modules/healthcare-apis/workspace/iotconnector/fhirdestination/main.json b/modules/healthcare-apis/workspace/iotconnector/fhirdestination/main.json index b48bcb3727..8f1f5ff94d 100644 --- a/modules/healthcare-apis/workspace/iotconnector/fhirdestination/main.json +++ b/modules/healthcare-apis/workspace/iotconnector/fhirdestination/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18442235072798053221" + "version": "0.22.6.54827", + "templateHash": "10973515077627017376" }, "name": "Healthcare API Workspace IoT Connector FHIR Destinations", "description": "This module deploys a Healthcare API Workspace IoT Connector FHIR Destination.", diff --git a/modules/healthcare-apis/workspace/iotconnector/main.json b/modules/healthcare-apis/workspace/iotconnector/main.json index 63bb75e273..cce29e9a45 100644 --- a/modules/healthcare-apis/workspace/iotconnector/main.json +++ b/modules/healthcare-apis/workspace/iotconnector/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16981578699165858107" + "version": "0.22.6.54827", + "templateHash": "3714179156189652458" }, "name": "Healthcare API Workspace IoT Connectors", "description": "This module deploys a Healthcare API Workspace IoT Connector.", 
@@ -295,8 +295,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18442235072798053221" + "version": "0.22.6.54827", + "templateHash": "10973515077627017376" }, "name": "Healthcare API Workspace IoT Connector FHIR Destinations", "description": "This module deploys a Healthcare API Workspace IoT Connector FHIR Destination.", diff --git a/modules/healthcare-apis/workspace/main.json b/modules/healthcare-apis/workspace/main.json index 6ea7262bfa..3437138b45 100644 --- a/modules/healthcare-apis/workspace/main.json +++ b/modules/healthcare-apis/workspace/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10903561527048363978" + "version": "0.22.6.54827", + "templateHash": "5818866804276261569" }, "name": "Healthcare API Workspaces", "description": "This module deploys a Healthcare API Workspace.", @@ -168,8 +168,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14482455306867053366" + "version": "0.22.6.54827", + "templateHash": "4822666259108954856" } }, "parameters": { @@ -356,8 +356,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17348973963835618248" + "version": "0.22.6.54827", + "templateHash": "11687946305671678451" }, "name": "Healthcare API Workspace FHIR Services", "description": "This module deploys a Healthcare API Workspace FHIR Service.", @@ -798,8 +798,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5237941464164481673" + "version": "0.22.6.54827", + "templateHash": "13260238293612966350" } }, "parameters": { 
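Review bot: the removed `version` values in these generated files differ from one another (`0.20.4.51522` in iotconnector/main.json, `0.21.1.54444` in workspace/main.json), so the committed `main.json` files had been built with different Bicep releases before this change. Only `_generator` metadata is visible in these hunks, which gives a reviewer no way to confirm by reading that each `main.json` is what its Bicep source compiles to; a pipeline step that rebuilds the template and fails on any difference would catch both version drift and hand edits. One check that can be made from the diff itself: the nested FHIR destination template at `@@ -295,8` in iotconnector/main.json carries the same new `templateHash` (`10973515077627017376`) as the standalone fhirdestination/main.json, which is what a consistent rebuild should produce.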
@@ -1020,8 +1020,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14081576760153046183" + "version": "0.22.6.54827", + "templateHash": "12318721261811271092" }, "name": "Healthcare API Workspace DICOM Services", "description": "This module deploys a Healthcare API Workspace DICOM Service.", @@ -1365,8 +1365,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7419022677033687481" + "version": "0.22.6.54827", + "templateHash": "3714179156189652458" }, "name": "Healthcare API Workspace IoT Connectors", "description": "This module deploys a Healthcare API Workspace IoT Connector.", @@ -1656,8 +1656,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8944835312780233488" + "version": "0.22.6.54827", + "templateHash": "10973515077627017376" }, "name": "Healthcare API Workspace IoT Connector FHIR Destinations", "description": "This module deploys a Healthcare API Workspace IoT Connector FHIR Destination.", diff --git a/modules/insights/action-group/.test/common/main.test.bicep b/modules/insights/action-group/.test/common/main.test.bicep index cbc7e3e4f2..4f4d8071b8 100644 --- a/modules/insights/action-group/.test/common/main.test.bicep +++ b/modules/insights/action-group/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/action-group/.test/min/main.test.bicep b/modules/insights/action-group/.test/min/main.test.bicep index e4cdbfbdce..22938cd7a3 100644 --- a/modules/insights/action-group/.test/min/main.test.bicep +++ b/modules/insights/action-group/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/action-group/README.md b/modules/insights/action-group/README.md index 65ef94f1ad..fd46d2712c 100644 --- a/modules/insights/action-group/README.md +++ b/modules/insights/action-group/README.md @@ -5,10 +5,10 @@ This module deploys an Action Group. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
@@ -18,64 +18,28 @@ This module deploys an Action Group. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/actionGroups` | [2023-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2023-01-01/actionGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `groupShortName` | string | The short name of the action group. | -| `name` | string | The name of the action group. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `armRoleReceivers` | array | `[]` | The list of ARM role receivers that are part of this action group. Roles are Azure RBAC roles and only built-in roles are supported. | -| `automationRunbookReceivers` | array | `[]` | The list of AutomationRunbook receivers that are part of this action group. | -| `azureAppPushReceivers` | array | `[]` | The list of AzureAppPush receivers that are part of this action group. | -| `azureFunctionReceivers` | array | `[]` | The list of function receivers that are part of this action group. | -| `emailReceivers` | array | `[]` | The list of email receivers that are part of this action group. | -| `enabled` | bool | `True` | Indicates whether this action group is enabled. If an action group is not enabled, then none of its receivers will receive communications. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `itsmReceivers` | array | `[]` | The list of ITSM receivers that are part of this action group. | -| `location` | string | `'global'` | Location for all resources. | -| `logicAppReceivers` | array | `[]` | The list of logic app receivers that are part of this action group. 
| -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `smsReceivers` | array | `[]` | The list of SMS receivers that are part of this action group. | -| `tags` | object | `{object}` | Tags of the resource. | -| `voiceReceivers` | array | `[]` | The list of voice receivers that are part of this action group. | -| `webhookReceivers` | array | `[]` | The list of webhook receivers that are part of this action group. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the action group . | -| `resourceGroupName` | string | The resource group the action group was deployed into. | -| `resourceId` | string | The resource ID of the action group . | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.action-group:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. 
- >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module actionGroup './insights/action-group/main.bicep' = { +module actionGroup 'br:bicep/modules/insights.action-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-iagcom' params: { // Required parameters @@ -189,14 +153,17 @@ module actionGroup './insights/action-group/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module actionGroup './insights/action-group/main.bicep' = { +module actionGroup 'br:bicep/modules/insights.action-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-iagmin' params: { // Required parameters @@ -239,6 +206,166 @@ module actionGroup './insights/action-group/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`groupShortName`](#parameter-groupshortname) | string | The short name of the action group. | +| [`name`](#parameter-name) | string | The name of the action group. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`armRoleReceivers`](#parameter-armrolereceivers) | array | The list of ARM role receivers that are part of this action group. Roles are Azure RBAC roles and only built-in roles are supported. | +| [`automationRunbookReceivers`](#parameter-automationrunbookreceivers) | array | The list of AutomationRunbook receivers that are part of this action group. | +| [`azureAppPushReceivers`](#parameter-azureapppushreceivers) | array | The list of AzureAppPush receivers that are part of this action group. | +| [`azureFunctionReceivers`](#parameter-azurefunctionreceivers) | array | The list of function receivers that are part of this action group. | +| [`emailReceivers`](#parameter-emailreceivers) | array | The list of email receivers that are part of this action group. | +| [`enabled`](#parameter-enabled) | bool | Indicates whether this action group is enabled. If an action group is not enabled, then none of its receivers will receive communications. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`itsmReceivers`](#parameter-itsmreceivers) | array | The list of ITSM receivers that are part of this action group. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`logicAppReceivers`](#parameter-logicappreceivers) | array | The list of logic app receivers that are part of this action group. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`smsReceivers`](#parameter-smsreceivers) | array | The list of SMS receivers that are part of this action group. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`voiceReceivers`](#parameter-voicereceivers) | array | The list of voice receivers that are part of this action group. | +| [`webhookReceivers`](#parameter-webhookreceivers) | array | The list of webhook receivers that are part of this action group. | + +### Parameter: `armRoleReceivers` + +The list of ARM role receivers that are part of this action group. Roles are Azure RBAC roles and only built-in roles are supported. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `automationRunbookReceivers` + +The list of AutomationRunbook receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `azureAppPushReceivers` + +The list of AzureAppPush receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `azureFunctionReceivers` + +The list of function receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `emailReceivers` + +The list of email receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enabled` + +Indicates whether this action group is enabled. If an action group is not enabled, then none of its receivers will receive communications. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `groupShortName` + +The short name of the action group. +- Required: Yes +- Type: string + +### Parameter: `itsmReceivers` + +The list of ITSM receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `'global'` + +### Parameter: `logicAppReceivers` + +The list of logic app receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The name of the action group. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `smsReceivers` + +The list of SMS receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `voiceReceivers` + +The list of voice receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `webhookReceivers` + +The list of webhook receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the action group . | +| `resourceGroupName` | string | The resource group the action group was deployed into. 
| +| `resourceId` | string | The resource ID of the action group . | + +## Cross-referenced modules + +_None_ + ## Notes - Receiver name must be unique across the ActionGroup. diff --git a/modules/insights/activity-log-alert/.test/common/main.test.bicep b/modules/insights/activity-log-alert/.test/common/main.test.bicep index f95e1529af..49d570477c 100644 --- a/modules/insights/activity-log-alert/.test/common/main.test.bicep +++ b/modules/insights/activity-log-alert/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/activity-log-alert/README.md b/modules/insights/activity-log-alert/README.md index 4e9a5b012e..0e825a2959 100644 --- a/modules/insights/activity-log-alert/README.md +++ b/modules/insights/activity-log-alert/README.md @@ -5,10 +5,10 @@ This module deploys an Activity Log Alert. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
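Review bot: in the action-group README's new per-parameter sections, the `- Default:` bullets show `True` and `{object}`; `True` is not the Bicep boolean literal and `{object}` hides what the `tags` default actually is, so a reader cannot copy either value into a template. Suggest rendering booleans as `true`/`false` and either printing the object literal or omitting the bullet when the default is an empty object. The new Outputs table also carries over "The name of the action group ." and "The resource ID of the action group ." with a stray space before the period; since the README is generated from the template, the fix belongs in the output descriptions there.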
@@ -17,57 +17,27 @@ This module deploys an Activity Log Alert. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/activityLogAlerts` | [2020-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-10-01/activityLogAlerts) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `conditions` | array | An Array of objects containing conditions that will cause this alert to activate. Conditions can also be combined with logical operators `allOf` and `anyOf`. Each condition can specify only one field between `equals` and `containsAny`. An alert rule condition must have exactly one category (Administrative, ServiceHealth, ResourceHealth, Alert, Autoscale, Recommendation, Security, or Policy). | -| `name` | string | The name of the alert. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | The list of actions to take when alert triggers. | -| `alertDescription` | string | `''` | Description of the alert. | -| `enabled` | bool | `True` | Indicates whether this alert is enabled. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `'global'` | Location for all resources. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| -| `scopes` | array | `[[subscription().id]]` | The list of resource IDs that this Activity Log Alert is scoped to. | -| `tags` | object | `{object}` | Tags of the resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the activity log alert. | -| `resourceGroupName` | string | The resource group the activity log alert was deployed into. | -| `resourceId` | string | The resource ID of the activity log alert. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.activity-log-alert:1.0.0`. -## Cross-referenced modules +- [Using large parameter set](#example-1-using-large-parameter-set) -_None_ +### Example 1: _Using large parameter set_ -## Deployment examples +This instance deploys the module with most of its features enabled. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module activityLogAlert './insights/activity-log-alert/main.bicep' = { +module activityLogAlert 'br:bicep/modules/insights.activity-log-alert:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ialacom' params: { // Required parameters @@ -222,3 +192,108 @@ module activityLogAlert './insights/activity-log-alert/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`conditions`](#parameter-conditions) | array | An Array of objects containing conditions that will cause this alert to activate. Conditions can also be combined with logical operators `allOf` and `anyOf`. Each condition can specify only one field between `equals` and `containsAny`. An alert rule condition must have exactly one category (Administrative, ServiceHealth, ResourceHealth, Alert, Autoscale, Recommendation, Security, or Policy). | +| [`name`](#parameter-name) | string | The name of the alert. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | The list of actions to take when alert triggers. | +| [`alertDescription`](#parameter-alertdescription) | string | Description of the alert. | +| [`enabled`](#parameter-enabled) | bool | Indicates whether this alert is enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`scopes`](#parameter-scopes) | array | The list of resource IDs that this Activity Log Alert is scoped to. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `actions` + +The list of actions to take when alert triggers. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `alertDescription` + +Description of the alert. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditions` + +An Array of objects containing conditions that will cause this alert to activate. Conditions can also be combined with logical operators `allOf` and `anyOf`. Each condition can specify only one field between `equals` and `containsAny`. An alert rule condition must have exactly one category (Administrative, ServiceHealth, ResourceHealth, Alert, Autoscale, Recommendation, Security, or Policy). +- Required: Yes +- Type: array + +### Parameter: `enabled` + +Indicates whether this alert is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `'global'` + +### Parameter: `name` + +The name of the alert. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scopes` + +The list of resource IDs that this Activity Log Alert is scoped to. +- Required: No +- Type: array +- Default: `[[subscription().id]]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. 
| +| `name` | string | The name of the activity log alert. | +| `resourceGroupName` | string | The resource group the activity log alert was deployed into. | +| `resourceId` | string | The resource ID of the activity log alert. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/component/.test/common/main.test.bicep b/modules/insights/component/.test/common/main.test.bicep index bb1280676e..31b26886ab 100644 --- a/modules/insights/component/.test/common/main.test.bicep +++ b/modules/insights/component/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/component/.test/min/main.test.bicep b/modules/insights/component/.test/min/main.test.bicep index 7e5bd974e5..965482d24d 100644 --- a/modules/insights/component/.test/min/main.test.bicep +++ b/modules/insights/component/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/component/README.md b/modules/insights/component/README.md index 815a655d02..161ac02871 100644 --- a/modules/insights/component/README.md +++ b/modules/insights/component/README.md @@ -5,10 +5,10 @@ This component deploys an Application Insights instance. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
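Review bot: in the activity-log-alert usage example, the module source changes from the local path `./insights/activity-log-alert/main.bicep` to `br:bicep/modules/insights.activity-log-alert:1.0.0`, and the added note tells readers to use that reference, but nothing in the visible lines says which registry `bicep` stands for or whether version `1.0.0` is published. A reader who copies the example now depends on an external module source they cannot identify from the README. Suggest stating in the note whether the registry segment and version are placeholders and, if so, telling readers to substitute their own registry and a pinned, published version. The same pattern appears in the action-group examples above.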
@@ -18,68 +18,28 @@ This component deploys an Application Insights instance. | `Microsoft.Insights/components` | [2020-02-02](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-02-02/components) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Application Insights. | -| `workspaceResourceId` | string | Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `applicationType` | string | `'web'` | `[other, web]` | Application type. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, AppAvailabilityResults, AppBrowserTimings, AppDependencies, AppEvents, AppExceptions, AppMetrics, AppPageViews, AppPerformanceCounters, AppRequests, AppSystemEvents, AppTraces]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. 
| -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `kind` | string | `''` | | The kind of application that this component refers to, used to customize UI. This value is a freeform string, values should typically be one of the following: web, ios, other, store, java, phone. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `publicNetworkAccessForIngestion` | string | `'Enabled'` | `[Disabled, Enabled]` | The network access type for accessing Application Insights ingestion. - Enabled or Disabled. | -| `publicNetworkAccessForQuery` | string | `'Enabled'` | `[Disabled, Enabled]` | The network access type for accessing Application Insights query. - Enabled or Disabled. | -| `retentionInDays` | int | `365` | `[30, 60, 90, 120, 180, 270, 365, 550, 730]` | Retention period in days. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `samplingPercentage` | int | `100` | | Percentage of the data produced by the application being monitored that is being sampled for Application Insights telemetry. | -| `tags` | object | `{object}` | | Tags of the resource. 
| - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `applicationId` | string | The application ID of the application insights component. | -| `instrumentationKey` | string | Application Insights Instrumentation key. A read-only value that applications can use to identify the destination for all telemetry sent to Azure Application Insights. This value will be supplied upon construction of each new Application Insights component. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the application insights component. | -| `resourceGroupName` | string | The resource group the application insights component was deployed into. | -| `resourceId` | string | The resource ID of the application insights component. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.component:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module component './insights/component/main.bicep' = { +module component 'br:bicep/modules/insights.component:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-iccom' params: { // Required parameters @@ -169,14 +129,17 @@ module component './insights/component/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module component './insights/component/main.bicep' = { +module component 'br:bicep/modules/insights.component:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-icmin' params: { // Required parameters @@ -217,3 +180,188 @@ module component './insights/component/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Application Insights. | +| [`workspaceResourceId`](#parameter-workspaceresourceid) | string | Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationType`](#parameter-applicationtype) | string | Application type. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`kind`](#parameter-kind) | string | The kind of application that this component refers to, used to customize UI. This value is a freeform string, values should typically be one of the following: web, ios, other, store, java, phone. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`publicNetworkAccessForIngestion`](#parameter-publicnetworkaccessforingestion) | string | The network access type for accessing Application Insights ingestion. - Enabled or Disabled. | +| [`publicNetworkAccessForQuery`](#parameter-publicnetworkaccessforquery) | string | The network access type for accessing Application Insights query. - Enabled or Disabled. | +| [`retentionInDays`](#parameter-retentionindays) | int | Retention period in days. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`samplingPercentage`](#parameter-samplingpercentage) | int | Percentage of the data produced by the application being monitored that is being sampled for Application Insights telemetry. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `applicationType` + +Application type. +- Required: No +- Type: string +- Default: `'web'` +- Allowed: `[other, web]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, AppAvailabilityResults, AppBrowserTimings, AppDependencies, AppEvents, AppExceptions, AppMetrics, AppPageViews, AppPerformanceCounters, AppRequests, AppSystemEvents, AppTraces]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +The kind of application that this component refers to, used to customize UI. This value is a freeform string, values should typically be one of the following: web, ios, other, store, java, phone. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all Resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the Application Insights. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccessForIngestion` + +The network access type for accessing Application Insights ingestion. - Enabled or Disabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `publicNetworkAccessForQuery` + +The network access type for accessing Application Insights query. - Enabled or Disabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `retentionInDays` + +Retention period in days. +- Required: No +- Type: int +- Default: `365` +- Allowed: `[30, 60, 90, 120, 180, 270, 365, 550, 730]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `samplingPercentage` + +Percentage of the data produced by the application being monitored that is being sampled for Application Insights telemetry. +- Required: No +- Type: int +- Default: `100` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workspaceResourceId` + +Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property. 
+- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `applicationId` | string | The application ID of the application insights component. | +| `instrumentationKey` | string | Application Insights Instrumentation key. A read-only value that applications can use to identify the destination for all telemetry sent to Azure Application Insights. This value will be supplied upon construction of each new Application Insights component. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the application insights component. | +| `resourceGroupName` | string | The resource group the application insights component was deployed into. | +| `resourceId` | string | The resource ID of the application insights component. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/component/main.json b/modules/insights/component/main.json index 8e2f175e45..b3eddedc41 100644 --- a/modules/insights/component/main.json +++ b/modules/insights/component/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17654702224690381000" + "version": "0.22.6.54827", + "templateHash": "10525905837638712461" }, "name": "Application Insights", "description": "This component deploys an Application Insights instance.", @@ -296,8 +296,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13934424345752147710" + "version": "0.22.6.54827", + "templateHash": "11402620495113145502" } }, "parameters": { diff --git a/modules/insights/data-collection-endpoint/.test/common/main.test.bicep b/modules/insights/data-collection-endpoint/.test/common/main.test.bicep index 2ce0a08132..5c0660113b 100644 --- a/modules/insights/data-collection-endpoint/.test/common/main.test.bicep +++ b/modules/insights/data-collection-endpoint/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/data-collection-endpoint/.test/min/main.test.bicep b/modules/insights/data-collection-endpoint/.test/min/main.test.bicep index 0de821478e..0ac9115755 100644 --- a/modules/insights/data-collection-endpoint/.test/min/main.test.bicep +++ b/modules/insights/data-collection-endpoint/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/data-collection-endpoint/README.md b/modules/insights/data-collection-endpoint/README.md index 73a632031b..b967448c1e 100644 --- a/modules/insights/data-collection-endpoint/README.md +++ b/modules/insights/data-collection-endpoint/README.md @@ -5,10 +5,10 @@ This module deploys a Data Collection Endpoint. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
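Review bot: the added navigation entry `[Usage examples](#Usage-examples)` in the data-collection-endpoint README uses a mixed-case fragment, while every link this same change generates further down is lowercase (`#example-1-using-large-parameter-set`, `#parameter-name`). Have the generator emit one form for all fragments, preferably the lowercase one used by the new links, so a link checker that compares fragments case-sensitively does not flag the navigation block of every regenerated README.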
@@ -18,55 +18,28 @@ This module deploys a Data Collection Endpoint. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/dataCollectionEndpoints` | [2021-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-04-01/dataCollectionEndpoints) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the data collection endpoint. The name is case insensitive. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `kind` | string | `'Linux'` | `[Linux, Windows]` | The kind of the resource. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicNetworkAccess` | string | `'Disabled'` | `[Disabled, Enabled]` | The configuration to set whether network access from public internet to the endpoints are allowed. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Resource tags. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. 
-## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the dataCollectionEndpoint. | -| `resourceGroupName` | string | The name of the resource group the dataCollectionEndpoint was created in. | -| `resourceId` | string | The resource ID of the dataCollectionEndpoint. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.data-collection-endpoint:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module dataCollectionEndpoint './insights/data-collection-endpoint/main.bicep' = { +module dataCollectionEndpoint 'br:bicep/modules/insights.data-collection-endpoint:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcecom' params: { // Required parameters @@ -148,14 +121,17 @@ module dataCollectionEndpoint './insights/data-collection-endpoint/main.bicep' =

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module dataCollectionEndpoint './insights/data-collection-endpoint/main.bicep' = { +module dataCollectionEndpoint 'br:bicep/modules/insights.data-collection-endpoint:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcemin' params: { // Required parameters @@ -192,3 +168,96 @@ module dataCollectionEndpoint './insights/data-collection-endpoint/main.bicep' =

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the data collection endpoint. The name is case insensitive. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`kind`](#parameter-kind) | string | The kind of the resource. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | The configuration to set whether network access from public internet to the endpoints are allowed. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +The kind of the resource. +- Required: No +- Type: string +- Default: `'Linux'` +- Allowed: `[Linux, Windows]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the data collection endpoint. 
The name is case insensitive. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccess` + +The configuration to set whether network access from public internet to the endpoints are allowed. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the dataCollectionEndpoint. | +| `resourceGroupName` | string | The name of the resource group the dataCollectionEndpoint was created in. | +| `resourceId` | string | The resource ID of the dataCollectionEndpoint. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/data-collection-endpoint/main.json b/modules/insights/data-collection-endpoint/main.json index 23d2aeef04..f40ef19865 100644 --- a/modules/insights/data-collection-endpoint/main.json +++ b/modules/insights/data-collection-endpoint/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3728781575799278005" + "version": "0.22.6.54827", + "templateHash": "13275626141321439645" }, "name": "Data Collection Endpoints", "description": "This module deploys a Data Collection Endpoint.", 
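Review bot: the `_generator` block in this hunk moves `version` from 0.21.1.54444 to 0.22.6.54827 and replaces `templateHash`, and the visible hunks of this compiled file change nothing else, so the diff alone cannot show whether the new hash comes only from the compiler upgrade. Pin the Bicep CLI version used to build `main.json` and add a CI step that rebuilds it from `main.bicep` and fails on any difference, so the committed template stays reproducible and cannot drift from its source unnoticed.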
@@ -157,8 +157,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8300016643720111813" + "version": "0.22.6.54827", + "templateHash": "5079554613850149123" } }, "parameters": { diff --git a/modules/insights/data-collection-rule/.test/min/main.test.bicep b/modules/insights/data-collection-rule/.test/min/main.test.bicep index 46e103725d..e18f5d9ef8 100644 --- a/modules/insights/data-collection-rule/.test/min/main.test.bicep +++ b/modules/insights/data-collection-rule/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/data-collection-rule/README.md b/modules/insights/data-collection-rule/README.md index aa4038af07..d1ce364f66 100644 --- a/modules/insights/data-collection-rule/README.md +++ b/modules/insights/data-collection-rule/README.md @@ -5,10 +5,10 @@ This module deploys a Data Collection Rule. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
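Review bot: for data-collection-rule only `.test/min/main.test.bicep` gains `metadata name` and `metadata description` in this diff, so the regenerated README lists the other five examples under raw folder-derived titles (`Customadv`, `Custombasic`, `Customiis`, `Linux`, `Windows`) with no description line, next to a fully described "Using only defaults". Add the two metadata lines to the remaining test files in the same change, or have the generator warn when a test file lacks them, so the usage examples read consistently.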
@@ -18,60 +18,29 @@ This module deploys a Data Collection Rule. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/dataCollectionRules` | [2021-09-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-09-01-preview/dataCollectionRules) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `dataFlows` | array | The specification of data flows. | -| `dataSources` | object | Specification of data sources that will be collected. | -| `destinations` | object | Specification of destinations that can be used in data flows. | -| `name` | string | The name of the data collection rule. The name is case insensitive. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `dataCollectionEndpointId` | string | `''` | | The resource ID of the data collection endpoint that this rule can be used with. | -| `description` | string | `''` | | Description of the data collection rule. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `kind` | string | `'Linux'` | `[Linux, Windows]` | The kind of the resource. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| -| `streamDeclarations` | object | `{object}` | | Declaration of custom streams used in this rule. | -| `tags` | object | `{object}` | | Resource tags. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the dataCollectionRule. | -| `resourceGroupName` | string | The name of the resource group the dataCollectionRule was created in. | -| `resourceId` | string | The resource ID of the dataCollectionRule. | - -## Cross-referenced modules +## Usage examples -_None_ +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Deployment examples +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.data-collection-rule:1.0.0`. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +- [Customadv](#example-1-customadv) +- [Custombasic](#example-2-custombasic) +- [Customiis](#example-3-customiis) +- [Linux](#example-4-linux) +- [Using only defaults](#example-5-using-only-defaults) +- [Windows](#example-6-windows) -

Example 1: Customadv

+### Example 1: _Customadv_
via Bicep module ```bicep -module dataCollectionRule './insights/data-collection-rule/main.bicep' = { +module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcrcusadv' params: { // Required parameters @@ -305,14 +274,14 @@ module dataCollectionRule './insights/data-collection-rule/main.bicep' = {

-

Example 2: Custombasic

+### Example 2: _Custombasic_
via Bicep module ```bicep -module dataCollectionRule './insights/data-collection-rule/main.bicep' = { +module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcrcusbas' params: { // Required parameters @@ -514,14 +483,14 @@ module dataCollectionRule './insights/data-collection-rule/main.bicep' = {

-

Example 3: Customiis

+### Example 3: _Customiis_
via Bicep module ```bicep -module dataCollectionRule './insights/data-collection-rule/main.bicep' = { +module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcrcusiis' params: { // Required parameters @@ -679,14 +648,14 @@ module dataCollectionRule './insights/data-collection-rule/main.bicep' = {

-

Example 4: Linux

+### Example 4: _Linux_
via Bicep module ```bicep -module dataCollectionRule './insights/data-collection-rule/main.bicep' = { +module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcrlin' params: { // Required parameters @@ -1068,14 +1037,17 @@ module dataCollectionRule './insights/data-collection-rule/main.bicep' = {

-

Example 5: Min

+### Example 5: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module dataCollectionRule './insights/data-collection-rule/main.bicep' = { +module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcrmin' params: { // Required parameters @@ -1199,14 +1171,14 @@ module dataCollectionRule './insights/data-collection-rule/main.bicep' = {

-

Example 6: Windows

+### Example 6: _Windows_
via Bicep module ```bicep -module dataCollectionRule './insights/data-collection-rule/main.bicep' = { +module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcrwin' params: { // Required parameters @@ -1495,3 +1467,132 @@ module dataCollectionRule './insights/data-collection-rule/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`dataFlows`](#parameter-dataflows) | array | The specification of data flows. | +| [`dataSources`](#parameter-datasources) | object | Specification of data sources that will be collected. | +| [`destinations`](#parameter-destinations) | object | Specification of destinations that can be used in data flows. | +| [`name`](#parameter-name) | string | The name of the data collection rule. The name is case insensitive. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`dataCollectionEndpointId`](#parameter-datacollectionendpointid) | string | The resource ID of the data collection endpoint that this rule can be used with. | +| [`description`](#parameter-description) | string | Description of the data collection rule. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`kind`](#parameter-kind) | string | The kind of the resource. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`streamDeclarations`](#parameter-streamdeclarations) | object | Declaration of custom streams used in this rule. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `dataCollectionEndpointId` + +The resource ID of the data collection endpoint that this rule can be used with. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `dataFlows` + +The specification of data flows. +- Required: Yes +- Type: array + +### Parameter: `dataSources` + +Specification of data sources that will be collected. +- Required: Yes +- Type: object + +### Parameter: `description` + +Description of the data collection rule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `destinations` + +Specification of destinations that can be used in data flows. +- Required: Yes +- Type: object + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +The kind of the resource. +- Required: No +- Type: string +- Default: `'Linux'` +- Allowed: `[Linux, Windows]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the data collection rule. The name is case insensitive. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `streamDeclarations` + +Declaration of custom streams used in this rule. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tags` + +Resource tags. 
+- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the dataCollectionRule. | +| `resourceGroupName` | string | The name of the resource group the dataCollectionRule was created in. | +| `resourceId` | string | The resource ID of the dataCollectionRule. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/data-collection-rule/main.json b/modules/insights/data-collection-rule/main.json index 40ab530aea..9fd6a4d083 100644 --- a/modules/insights/data-collection-rule/main.json +++ b/modules/insights/data-collection-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4052867535187508575" + "version": "0.22.6.54827", + "templateHash": "12233779363216703767" }, "name": "Data Collection Rules", "description": "This module deploys a Data Collection Rule.", @@ -188,8 +188,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5004939963696451046" + "version": "0.22.6.54827", + "templateHash": "15006261932688103990" } }, "parameters": { diff --git a/modules/insights/diagnostic-setting/.test/common/main.test.bicep b/modules/insights/diagnostic-setting/.test/common/main.test.bicep index d8eb101670..4fdfbd0770 100644 --- a/modules/insights/diagnostic-setting/.test/common/main.test.bicep +++ b/modules/insights/diagnostic-setting/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/diagnostic-setting/README.md b/modules/insights/diagnostic-setting/README.md index 1af907de3f..d4369f0915 100644 
--- a/modules/insights/diagnostic-setting/README.md +++ b/modules/insights/diagnostic-setting/README.md @@ -5,10 +5,10 @@ This module deploys a Subscription wide export of the Activity Log. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
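Review bot: The added navigation entry `[Usage examples](#Usage-examples)` in this hunk uses a capitalised fragment, while the example index and parameter links generated further down in the same README use lowercase fragments (`#example-1-using-large-parameter-set`, `#parameter-name`). Have the generator emit `#usage-examples`, and lowercase the other navigation fragments too, so the links also resolve in renderers that match heading ids case-sensitively.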
@@ -16,49 +16,27 @@ This module deploys a Subscription wide export of the Activity Log. | :-- | :-- | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', Administrative, Alert, allLogs, Autoscale, Policy, Recommendation, ResourceHealth, Security, ServiceHealth]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `name` | string | `[format('{0}-ActivityLog', uniqueString(subscription().id))]` | | Name of the ActivityLog diagnostic settings. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the diagnostic settings. | -| `resourceId` | string | The resource ID of the diagnostic settings. | -| `subscriptionName` | string | The name of the subscription to deploy into. 
| +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.diagnostic-setting:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module diagnosticSetting './insights/diagnostic-setting/main.bicep' = { +module diagnosticSetting 'br:bicep/modules/insights.diagnostic-setting:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-idscom' params: { diagnosticEventHubAuthorizationRuleId: '' @@ -107,3 +85,89 @@ module diagnosticSetting './insights/diagnostic-setting/main.bicep' = {

+ + +## Parameters + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`name`](#parameter-name) | string | Name of the ActivityLog diagnostic settings. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. 
"allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', Administrative, Alert, allLogs, Autoscale, Policy, Recommendation, ResourceHealth, Security, ServiceHealth]` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `name` + +Name of the ActivityLog diagnostic settings. +- Required: No +- Type: string +- Default: `[format('{0}-ActivityLog', uniqueString(subscription().id))]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the diagnostic settings. | +| `resourceId` | string | The resource ID of the diagnostic settings. | +| `subscriptionName` | string | The name of the subscription to deploy into. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/diagnostic-setting/main.json b/modules/insights/diagnostic-setting/main.json index 19685f7e7b..7ced987e1c 100644 --- a/modules/insights/diagnostic-setting/main.json +++ b/modules/insights/diagnostic-setting/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9469136899800527049" + "version": "0.22.6.54827", + "templateHash": "11607957812214718943" }, "name": "Diagnostic Settings (Activity Logs) for Azure Subscriptions", "description": "This module deploys a Subscription wide export of the Activity Log.", 
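Review bot: In the `## Usage examples` hunk of modules/insights/diagnostic-setting/README.md, both the note and the example give `br:bicep/modules/insights.diagnostic-setting:1.0.0` as the module reference, but in a `br:` reference the segment before the first `/` is the registry host, so `bicep` reads as a registry name the reader cannot resolve. State explicitly that the registry and the `1.0.0` tag are placeholders to be replaced with the reader's own registry and the published version, or show the alias form `br/<alias>:<path>:<tag>`, so nobody copies the line verbatim or substitutes a registry they have not vetted.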
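Review bot: The only lines changed in the modules/insights/diagnostic-setting/main.json hunk are `_generator.version` (0.21.1.54444 to 0.22.6.54827) and `templateHash`; no other line of the compiled template changes here. Since `Set-Module` now compiles the template as part of the README run, a contributor on a different local Bicep version will rewrite these two fields in every module. Name the expected Bicep version in the contribution guide, or have CI regenerate `main.json`, so that a hash change seen in review points to a real template change.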
diff --git a/modules/insights/metric-alert/.test/common/main.test.bicep b/modules/insights/metric-alert/.test/common/main.test.bicep index 148d924d70..a5fcd52873 100644 --- a/modules/insights/metric-alert/.test/common/main.test.bicep +++ b/modules/insights/metric-alert/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/metric-alert/README.md b/modules/insights/metric-alert/README.md index b2ffecb0f5..9167bd19af 100644 --- a/modules/insights/metric-alert/README.md +++ b/modules/insights/metric-alert/README.md 
@@ -4,82 +4,40 @@ This module deploys a Metric Alert. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/metricAlerts` | [2018-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2018-03-01/metricAlerts) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `criterias` | array | Criterias to trigger the alert. Array of 'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria' or 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' objects. When using MultipleResourceMultipleMetricCriteria criteria type, some parameters becomes mandatory. It is not possible to convert from SingleResourceMultipleMetricCriteria to MultipleResourceMultipleMetricCriteria. The alert must be deleted and recreated. | -| `name` | string | The name of the alert. | - -**Conditional parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `targetResourceRegion` | string | `''` | The region of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. | -| `targetResourceType` | string | `''` | The resource type of the target resource(s) on which the alert is created/updated. 
Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | | The list of actions to take when alert triggers. | -| `alertCriteriaType` | string | `'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'` | `[Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria, Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria, Microsoft.Azure.Monitor.WebtestLocationAvailabilityCriteria]` | Maps to the 'odata.type' field. Specifies the type of the alert criteria. | -| `alertDescription` | string | `''` | | Description of the alert. | -| `autoMitigate` | bool | `True` | | The flag that indicates whether the alert should be auto resolved or not. | -| `enabled` | bool | `True` | | Indicates whether this alert is enabled. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `evaluationFrequency` | string | `'PT5M'` | `[PT15M, PT1H, PT1M, PT30M, PT5M]` | how often the metric alert is evaluated represented in ISO 8601 duration format. | -| `location` | string | `'global'` | | Location for all resources. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `scopes` | array | `[[subscription().id]]` | | the list of resource IDs that this metric alert is scoped to. 
| -| `severity` | int | `3` | `[0, 1, 2, 3, 4]` | The severity of the alert. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `windowSize` | string | `'PT15M'` | `[P1D, PT12H, PT15M, PT1H, PT1M, PT30M, PT5M, PT6H]` | the period of time (in ISO 8601 duration format) that is used to monitor alert activity based on the threshold. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the metric alert. | -| `resourceGroupName` | string | The resource group the metric alert was deployed into. | -| `resourceId` | string | The resource ID of the metric alert. | - -## Cross-referenced modules - -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.metric-alert:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module metricAlert './insights/metric-alert/main.bicep' = { +module metricAlert 'br:bicep/modules/insights.metric-alert:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-imacom' params: { // Required parameters @@ -196,3 +154,173 @@ module metricAlert './insights/metric-alert/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`criterias`](#parameter-criterias) | array | Criterias to trigger the alert. Array of 'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria' or 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' objects. When using MultipleResourceMultipleMetricCriteria criteria type, some parameters becomes mandatory. It is not possible to convert from SingleResourceMultipleMetricCriteria to MultipleResourceMultipleMetricCriteria. The alert must be deleted and recreated. | +| [`name`](#parameter-name) | string | The name of the alert. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`targetResourceRegion`](#parameter-targetresourceregion) | string | The region of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. | +| [`targetResourceType`](#parameter-targetresourcetype) | string | The resource type of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | The list of actions to take when alert triggers. | +| [`alertCriteriaType`](#parameter-alertcriteriatype) | string | Maps to the 'odata.type' field. Specifies the type of the alert criteria. | +| [`alertDescription`](#parameter-alertdescription) | string | Description of the alert. | +| [`autoMitigate`](#parameter-automitigate) | bool | The flag that indicates whether the alert should be auto resolved or not. | +| [`enabled`](#parameter-enabled) | bool | Indicates whether this alert is enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`evaluationFrequency`](#parameter-evaluationfrequency) | string | how often the metric alert is evaluated represented in ISO 8601 duration format. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`scopes`](#parameter-scopes) | array | the list of resource IDs that this metric alert is scoped to. | +| [`severity`](#parameter-severity) | int | The severity of the alert. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`windowSize`](#parameter-windowsize) | string | the period of time (in ISO 8601 duration format) that is used to monitor alert activity based on the threshold. | + +### Parameter: `actions` + +The list of actions to take when alert triggers. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `alertCriteriaType` + +Maps to the 'odata.type' field. Specifies the type of the alert criteria. +- Required: No +- Type: string +- Default: `'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'` +- Allowed: `[Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria, Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria, Microsoft.Azure.Monitor.WebtestLocationAvailabilityCriteria]` + +### Parameter: `alertDescription` + +Description of the alert. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `autoMitigate` + +The flag that indicates whether the alert should be auto resolved or not. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `criterias` + +Criterias to trigger the alert. 
Array of 'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria' or 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' objects. When using MultipleResourceMultipleMetricCriteria criteria type, some parameters becomes mandatory. It is not possible to convert from SingleResourceMultipleMetricCriteria to MultipleResourceMultipleMetricCriteria. The alert must be deleted and recreated. +- Required: Yes +- Type: array + +### Parameter: `enabled` + +Indicates whether this alert is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `evaluationFrequency` + +how often the metric alert is evaluated represented in ISO 8601 duration format. +- Required: No +- Type: string +- Default: `'PT5M'` +- Allowed: `[PT15M, PT1H, PT1M, PT30M, PT5M]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `'global'` + +### Parameter: `name` + +The name of the alert. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scopes` + +the list of resource IDs that this metric alert is scoped to. +- Required: No +- Type: array +- Default: `[[subscription().id]]` + +### Parameter: `severity` + +The severity of the alert. +- Required: No +- Type: int +- Default: `3` +- Allowed: `[0, 1, 2, 3, 4]` + +### Parameter: `tags` + +Tags of the resource. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `targetResourceRegion` + +The region of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `targetResourceType` + +The resource type of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `windowSize` + +the period of time (in ISO 8601 duration format) that is used to monitor alert activity based on the threshold. +- Required: No +- Type: string +- Default: `'PT15M'` +- Allowed: `[P1D, PT12H, PT15M, PT1H, PT1M, PT30M, PT5M, PT6H]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the metric alert. | +| `resourceGroupName` | string | The resource group the metric alert was deployed into. | +| `resourceId` | string | The resource ID of the metric alert. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/private-link-scope/.test/common/main.test.bicep b/modules/insights/private-link-scope/.test/common/main.test.bicep index ee6b934b40..9b899bd5c8 100644 --- a/modules/insights/private-link-scope/.test/common/main.test.bicep +++ b/modules/insights/private-link-scope/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/private-link-scope/.test/min/main.test.bicep b/modules/insights/private-link-scope/.test/min/main.test.bicep index 63ab6727cc..38e1bad335 100644 
--- a/modules/insights/private-link-scope/.test/min/main.test.bicep +++ b/modules/insights/private-link-scope/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/private-link-scope/README.md b/modules/insights/private-link-scope/README.md index 44b66f32bb..95d6f651da 100644 --- a/modules/insights/private-link-scope/README.md +++ b/modules/insights/private-link-scope/README.md @@ -4,13 +4,13 @@ This module deploys an Azure Monitor Private Link Scope. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
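Review bot: This navigation hunk drops the `[Deployment examples](#Deployment-examples)` entry in favour of `[Usage examples](#Usage-examples)`, so any existing deep link to the old section anchor in the wiki or in other module READMEs stops resolving. Search the repository for `Deployment-examples` and `deployment-examples` and update those links in the same change.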
@@ -21,59 +21,27 @@ This module deploys an Azure Monitor Private Link Scope. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the private link scope. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.private-link-scope:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `'global'` | | The location of the private link scope. Should be global. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `scopedResources` | array | `[]` | | Configuration details for Azure Monitor Resources. | -| `tags` | object | `{object}` | | Resource tags. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the private link scope. | -| `resourceGroupName` | string | The resource group the private link scope was deployed into. | -| `resourceId` | string | The resource ID of the private link scope. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module privateLinkScope './insights/private-link-scope/main.bicep' = { name: '${uniqueString(deployment().name, location)}-test-iplscom' params: { // Required parameters @@ -191,14 +159,16 @@ module privateLinkScope './insights/private-link-scope/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module privateLinkScope './insights/private-link-scope/main.bicep' = { name: '${uniqueString(deployment().name, location)}-test-iplsmin' params: { // Required parameters @@ -235,3 +205,98 @@ module privateLinkScope './insights/private-link-scope/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the private link scope. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | The location of the private link scope. Should be global. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`scopedResources`](#parameter-scopedresources) | array | Configuration details for Azure Monitor Resources. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +The location of the private link scope. Should be global. +- Required: No +- Type: string +- Default: `'global'` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the private link scope. 
+- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scopedResources` + +Configuration details for Azure Monitor Resources. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the private link scope. | +| `resourceGroupName` | string | The resource group the private link scope was deployed into. | +| `resourceId` | string | The resource ID of the private link scope. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/insights/private-link-scope/main.json b/modules/insights/private-link-scope/main.json index d6e2051ab8..309a70ce4d 100644 --- a/modules/insights/private-link-scope/main.json +++ b/modules/insights/private-link-scope/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13996279122424310340" + "version": "0.22.6.54827", + "templateHash": "9824068275707710634" }, "name": "Azure Monitor Private Link Scopes", "description": "This module deploys an Azure Monitor Private Link Scope.", @@ -147,8 +147,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3902218127334936289" + "version": "0.22.6.54827", + "templateHash": "13415430389319270642" }, "name": "Private Link Scope Scoped Resources", "description": "This module deploys a Private Link Scope Scoped Resource.", @@ -282,8 +282,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -482,8 +482,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -620,8 +620,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -834,8 +834,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10054224154652466544" + "version": "0.22.6.54827", + "templateHash": "5166949819431915903" } }, "parameters": { diff --git a/modules/insights/private-link-scope/scoped-resource/README.md b/modules/insights/private-link-scope/scoped-resource/README.md index 9a2b71bdfd..77b61ba102 100644 --- a/modules/insights/private-link-scope/scoped-resource/README.md 
+++ b/modules/insights/private-link-scope/scoped-resource/README.md 
@@ -19,27 +19,52 @@ This module deploys a Private Link Scope Scoped Resource. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `linkedResourceId` | string | The resource ID of the scoped Azure monitor resource. | -| `name` | string | Name of the private link scoped resource. | +| [`linkedResourceId`](#parameter-linkedresourceid) | string | The resource ID of the scoped Azure monitor resource. | +| [`name`](#parameter-name) | string | Name of the private link scoped resource. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `privateLinkScopeName` | string | The name of the parent private link scope. Required if the template is used in a standalone deployment. | +| [`privateLinkScopeName`](#parameter-privatelinkscopename) | string | The name of the parent private link scope. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `linkedResourceId` + +The resource ID of the scoped Azure monitor resource. +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the private link scoped resource. +- Required: Yes +- Type: string + +### Parameter: `privateLinkScopeName` + +The name of the parent private link scope. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The full name of the deployed Scoped Resource. | | `resourceGroupName` | string | The name of the resource group where the resource has been deployed. | diff --git a/modules/insights/private-link-scope/scoped-resource/main.json b/modules/insights/private-link-scope/scoped-resource/main.json index 790a70f1a7..349184548c 100644 --- a/modules/insights/private-link-scope/scoped-resource/main.json +++ b/modules/insights/private-link-scope/scoped-resource/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15630582062607337146" + "version": "0.22.6.54827", + "templateHash": "13415430389319270642" }, "name": "Private Link Scope Scoped Resources", "description": "This module deploys a Private Link Scope Scoped Resource.", diff --git a/modules/insights/scheduled-query-rule/.test/common/main.test.bicep b/modules/insights/scheduled-query-rule/.test/common/main.test.bicep index a8b98171e6..225e5a94d4 100644 --- a/modules/insights/scheduled-query-rule/.test/common/main.test.bicep +++ b/modules/insights/scheduled-query-rule/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/scheduled-query-rule/README.md b/modules/insights/scheduled-query-rule/README.md index ac0722d263..6a30bc24a4 100644 --- a/modules/insights/scheduled-query-rule/README.md +++ b/modules/insights/scheduled-query-rule/README.md 
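Review bot: in `modules/insights/private-link-scope/scoped-resource/README.md`, the new `### Parameter: privateLinkScopeName` section states `- Required: Yes`, but the table in the same hunk lists the parameter under **Conditional parameters** with the description "Required if the template is used in a standalone deployment". A reader who arrives through the new `#parameter-privatelinkscopename` link is told the value is always mandatory. Suggest the per-parameter section carry the same category as the table (conditional, together with the condition) instead of a plain Yes.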
@@ -4,79 +4,40 @@ This module deploys a Scheduled Query Rule. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/scheduledQueryRules` | [2021-02-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-02-01-preview/scheduledQueryRules) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `criterias` | object | The rule criteria that defines the conditions of the scheduled query rule. | -| `name` | string | The name of the Alert. | -| `scopes` | array | The list of resource IDs that this scheduled query rule is scoped to. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | | Actions to invoke when the alert fires. | -| `alertDescription` | string | `''` | | The description of the scheduled query rule. | -| `autoMitigate` | bool | `True` | | The flag that indicates whether the alert should be automatically resolved or not. Relevant only for rules of the kind LogAlert. | -| `enabled` | bool | `True` | | The flag which indicates whether this scheduled query rule is enabled. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `evaluationFrequency` | string | `''` | | How often the scheduled query rule is evaluated represented in ISO 8601 duration format. Relevant and required only for rules of the kind LogAlert. 
| -| `kind` | string | `'LogAlert'` | `[LogAlert, LogToMetric]` | Indicates the type of scheduled query rule. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `queryTimeRange` | string | `''` | | If specified (in ISO 8601 duration format) then overrides the query time range. Relevant only for rules of the kind LogAlert. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `severity` | int | `3` | `[0, 1, 2, 3, 4]` | Severity of the alert. Should be an integer between [0-4]. Value of 0 is severest. Relevant and required only for rules of the kind LogAlert. | -| `skipQueryValidation` | bool | `False` | | The flag which indicates whether the provided query should be validated or not. Relevant only for rules of the kind LogAlert. | -| `suppressForMinutes` | string | `''` | | Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired. If set, autoMitigate must be disabled.Relevant only for rules of the kind LogAlert. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `targetResourceTypes` | array | `[]` | | List of resource type of the target resource(s) on which the alert is created/updated. For example if the scope is a resource group and targetResourceTypes is Microsoft.Compute/virtualMachines, then a different alert will be fired for each virtual machine in the resource group which meet the alert criteria. Relevant only for rules of the kind LogAlert. | -| `windowSize` | string | `''` | | The period of time (in ISO 8601 duration format) on which the Alert query will be executed (bin size). 
Relevant and required only for rules of the kind LogAlert. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The Name of the created query rule. | -| `resourceGroupName` | string | The Resource Group of the created query rule. | -| `resourceId` | string | The resource ID of the created query rule. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.scheduled-query-rule:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module scheduledQueryRule './insights/scheduled-query-rule/main.bicep' = { +module scheduledQueryRule 'br:bicep/modules/insights.scheduled-query-rule:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-isqrcom' params: { // Required parameters @@ -233,3 +194,181 @@ module scheduledQueryRule './insights/scheduled-query-rule/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`criterias`](#parameter-criterias) | object | The rule criteria that defines the conditions of the scheduled query rule. | +| [`name`](#parameter-name) | string | The name of the Alert. | +| [`scopes`](#parameter-scopes) | array | The list of resource IDs that this scheduled query rule is scoped to. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | Actions to invoke when the alert fires. | +| [`alertDescription`](#parameter-alertdescription) | string | The description of the scheduled query rule. | +| [`autoMitigate`](#parameter-automitigate) | bool | The flag that indicates whether the alert should be automatically resolved or not. Relevant only for rules of the kind LogAlert. | +| [`enabled`](#parameter-enabled) | bool | The flag which indicates whether this scheduled query rule is enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`evaluationFrequency`](#parameter-evaluationfrequency) | string | How often the scheduled query rule is evaluated represented in ISO 8601 duration format. Relevant and required only for rules of the kind LogAlert. | +| [`kind`](#parameter-kind) | string | Indicates the type of scheduled query rule. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`queryTimeRange`](#parameter-querytimerange) | string | If specified (in ISO 8601 duration format) then overrides the query time range. Relevant only for rules of the kind LogAlert. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`severity`](#parameter-severity) | int | Severity of the alert. Should be an integer between [0-4]. Value of 0 is severest. Relevant and required only for rules of the kind LogAlert. | +| [`skipQueryValidation`](#parameter-skipqueryvalidation) | bool | The flag which indicates whether the provided query should be validated or not. Relevant only for rules of the kind LogAlert. | +| [`suppressForMinutes`](#parameter-suppressforminutes) | string | Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired. If set, autoMitigate must be disabled.Relevant only for rules of the kind LogAlert. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`targetResourceTypes`](#parameter-targetresourcetypes) | array | List of resource type of the target resource(s) on which the alert is created/updated. For example if the scope is a resource group and targetResourceTypes is Microsoft.Compute/virtualMachines, then a different alert will be fired for each virtual machine in the resource group which meet the alert criteria. Relevant only for rules of the kind LogAlert. | +| [`windowSize`](#parameter-windowsize) | string | The period of time (in ISO 8601 duration format) on which the Alert query will be executed (bin size). Relevant and required only for rules of the kind LogAlert. | + +### Parameter: `actions` + +Actions to invoke when the alert fires. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `alertDescription` + +The description of the scheduled query rule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `autoMitigate` + +The flag that indicates whether the alert should be automatically resolved or not. 
Relevant only for rules of the kind LogAlert. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `criterias` + +The rule criteria that defines the conditions of the scheduled query rule. +- Required: Yes +- Type: object + +### Parameter: `enabled` + +The flag which indicates whether this scheduled query rule is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `evaluationFrequency` + +How often the scheduled query rule is evaluated represented in ISO 8601 duration format. Relevant and required only for rules of the kind LogAlert. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `kind` + +Indicates the type of scheduled query rule. +- Required: No +- Type: string +- Default: `'LogAlert'` +- Allowed: `[LogAlert, LogToMetric]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the Alert. +- Required: Yes +- Type: string + +### Parameter: `queryTimeRange` + +If specified (in ISO 8601 duration format) then overrides the query time range. Relevant only for rules of the kind LogAlert. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scopes` + +The list of resource IDs that this scheduled query rule is scoped to. 
+- Required: Yes +- Type: array + +### Parameter: `severity` + +Severity of the alert. Should be an integer between [0-4]. Value of 0 is severest. Relevant and required only for rules of the kind LogAlert. +- Required: No +- Type: int +- Default: `3` +- Allowed: `[0, 1, 2, 3, 4]` + +### Parameter: `skipQueryValidation` + +The flag which indicates whether the provided query should be validated or not. Relevant only for rules of the kind LogAlert. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `suppressForMinutes` + +Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired. If set, autoMitigate must be disabled.Relevant only for rules of the kind LogAlert. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `targetResourceTypes` + +List of resource type of the target resource(s) on which the alert is created/updated. For example if the scope is a resource group and targetResourceTypes is Microsoft.Compute/virtualMachines, then a different alert will be fired for each virtual machine in the resource group which meet the alert criteria. Relevant only for rules of the kind LogAlert. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `windowSize` + +The period of time (in ISO 8601 duration format) on which the Alert query will be executed (bin size). Relevant and required only for rules of the kind LogAlert. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The Name of the created query rule. | +| `resourceGroupName` | string | The Resource Group of the created query rule. | +| `resourceId` | string | The resource ID of the created query rule. | + +## Cross-referenced modules + +_None_ 
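Review bot: in the new `### Parameter: tags` section of `modules/insights/scheduled-query-rule/README.md`, the default is rendered as `{object}`, which is a placeholder rather than a value, so the section does not say what is applied when `tags` is omitted; the other defaults in this hunk (`[]`, `''`, `True`, `3`) are concrete. Suggest rendering the actual default, or leaving the Default line out for object-typed parameters. Minor, same hunk: the `suppressForMinutes` description reads `must be disabled.Relevant only` without a space, in both the table row and the parameter section.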
diff --git a/modules/insights/scheduled-query-rule/main.json b/modules/insights/scheduled-query-rule/main.json index 5d00e35361..5f912821a8 100644 --- a/modules/insights/scheduled-query-rule/main.json +++ b/modules/insights/scheduled-query-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14503369793494300469" + "version": "0.22.6.54827", + "templateHash": "5166537476303359521" }, "name": "Scheduled Query Rules", "description": "This module deploys a Scheduled Query Rule.", @@ -230,8 +230,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15352642791797157407" + "version": "0.22.6.54827", + "templateHash": "10545808551952818846" } }, "parameters": { diff --git a/modules/insights/webtest/.test/common/main.test.bicep b/modules/insights/webtest/.test/common/main.test.bicep index 9e5d9bf6ce..2c96c3c4dd 100644 --- a/modules/insights/webtest/.test/common/main.test.bicep +++ b/modules/insights/webtest/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/webtest/.test/min/main.test.bicep b/modules/insights/webtest/.test/min/main.test.bicep index c309005ca8..b5fd4f6831 100644 --- a/modules/insights/webtest/.test/min/main.test.bicep +++ b/modules/insights/webtest/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/webtest/README.md b/modules/insights/webtest/README.md index a46e16f64a..e875e2c3a4 100644 --- a/modules/insights/webtest/README.md 
+++ b/modules/insights/webtest/README.md @@ -5,10 +5,10 @@ This module deploys a Web Test. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
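Review bot: the added navigation entry `[Usage examples](#Usage-examples)` uses a mixed-case fragment, while the links this change generates further down the same README are lowercase (`#example-1-using-large-parameter-set`, `#parameter-name`). Suggest lowercasing the navigation fragments as well (`#usage-examples`, `#resource-types`) so that all in-page links in the generated README follow one convention.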
@@ -18,65 +18,28 @@ This module deploys a Web Test. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/webtests` | [2022-06-15](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2022-06-15/webtests) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the webtest. | -| `request` | object | The collection of request properties. | -| `tags` | object | A single hidden-link tag pointing to an existing AI component is required. | -| `webTestName` | string | User defined name if this WebTest. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `configuration` | object | `{object}` | | An XML configuration specification for a WebTest. | -| `description` | string | `''` | | User defined description for this WebTest. | -| `enabled` | bool | `True` | | Is the test actively being monitored. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `frequency` | int | `300` | | Interval in seconds between test runs for this WebTest. | -| `kind` | string | `'standard'` | `[multistep, ping, standard]` | The kind of WebTest that this web test watches. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `locations` | array | `[System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable]` | | List of where to physically run the tests from to give global coverage for accessibility of your application. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. 
| -| `retryEnabled` | bool | `True` | | Allow for retries should this WebTest fail. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `syntheticMonitorId` | string | `[parameters('name')]` | | Unique ID of this WebTest. | -| `timeout` | int | `30` | | Seconds until this WebTest will timeout and fail. | -| `validationRules` | object | `{object}` | | The collection of validation rule properties. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the webtest. | -| `resourceGroupName` | string | The resource group the resource was deployed into. | -| `resourceId` | string | The resource ID of the webtest. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.webtest:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module webtest './insights/webtest/main.bicep' = { +module webtest 'br:bicep/modules/insights.webtest:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-iwtcom' params: { // Required parameters @@ -158,14 +121,17 @@ module webtest './insights/webtest/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module webtest './insights/webtest/main.bicep' = { +module webtest 'br:bicep/modules/insights.webtest:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-iwtmin' params: { // Required parameters @@ -226,3 +192,172 @@ module webtest './insights/webtest/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the webtest. | +| [`request`](#parameter-request) | object | The collection of request properties. | +| [`tags`](#parameter-tags) | object | A single hidden-link tag pointing to an existing AI component is required. | +| [`webTestName`](#parameter-webtestname) | string | User defined name if this WebTest. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`configuration`](#parameter-configuration) | object | An XML configuration specification for a WebTest. | +| [`description`](#parameter-description) | string | User defined description for this WebTest. | +| [`enabled`](#parameter-enabled) | bool | Is the test actively being monitored. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`frequency`](#parameter-frequency) | int | Interval in seconds between test runs for this WebTest. | +| [`kind`](#parameter-kind) | string | The kind of WebTest that this web test watches. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`locations`](#parameter-locations) | array | List of where to physically run the tests from to give global coverage for accessibility of your application. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`retryEnabled`](#parameter-retryenabled) | bool | Allow for retries should this WebTest fail. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`syntheticMonitorId`](#parameter-syntheticmonitorid) | string | Unique ID of this WebTest. | +| [`timeout`](#parameter-timeout) | int | Seconds until this WebTest will timeout and fail. | +| [`validationRules`](#parameter-validationrules) | object | The collection of validation rule properties. | + +### Parameter: `configuration` + +An XML configuration specification for a WebTest. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `description` + +User defined description for this WebTest. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enabled` + +Is the test actively being monitored. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `frequency` + +Interval in seconds between test runs for this WebTest. +- Required: No +- Type: int +- Default: `300` + +### Parameter: `kind` + +The kind of WebTest that this web test watches. +- Required: No +- Type: string +- Default: `'standard'` +- Allowed: `[multistep, ping, standard]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `locations` + +List of where to physically run the tests from to give global coverage for accessibility of your application. 
+- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the webtest. +- Required: Yes +- Type: string + +### Parameter: `request` + +The collection of request properties. +- Required: Yes +- Type: object + +### Parameter: `retryEnabled` + +Allow for retries should this WebTest fail. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `syntheticMonitorId` + +Unique ID of this WebTest. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `tags` + +A single hidden-link tag pointing to an existing AI component is required. +- Required: Yes +- Type: object + +### Parameter: `timeout` + +Seconds until this WebTest will timeout and fail. +- Required: No +- Type: int +- Default: `30` + +### Parameter: `validationRules` + +The collection of validation rule properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `webTestName` + +User defined name if this WebTest. 
+- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the webtest. | +| `resourceGroupName` | string | The resource group the resource was deployed into. | +| `resourceId` | string | The resource ID of the webtest. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/webtest/main.json b/modules/insights/webtest/main.json index 0705ac73d2..334ab5e53b 100644 --- a/modules/insights/webtest/main.json +++ b/modules/insights/webtest/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16956370635999680512" + "version": "0.22.6.54827", + "templateHash": "17812769147790423288" }, "name": "Web Tests", "description": "This module deploys a Web Test.", @@ -245,8 +245,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10303500513207854110" + "version": "0.22.6.54827", + "templateHash": "13954103255282067786" } }, "parameters": { diff --git a/modules/key-vault/vault/.test/common/main.test.bicep b/modules/key-vault/vault/.test/common/main.test.bicep index 42499a4e72..179de80d30 100644 --- a/modules/key-vault/vault/.test/common/main.test.bicep +++ b/modules/key-vault/vault/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/key-vault/vault/.test/min/main.test.bicep b/modules/key-vault/vault/.test/min/main.test.bicep index 0ecea959ed..1fe0290488 100644 --- a/modules/key-vault/vault/.test/min/main.test.bicep +++ b/modules/key-vault/vault/.test/min/main.test.bicep 
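Review bot: in `modules/insights/webtest/README.md`, the new `### Parameter: locations` section renders the default as five repetitions of `System.Management.Automation.OrderedHashtable`, which is the PowerShell type name of each array element and not its content. The same text was already in the removed table row, but this change rewrites how defaults are rendered, so it is the place to fix it: serialise object-valued array elements, or emit a placeholder, instead of the type name. Minor, same hunk: the `webTestName` description "User defined name if this WebTest." reads like a typo for "of this WebTest" and appears in both the table row and the parameter section.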
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/key-vault/vault/README.md b/modules/key-vault/vault/README.md index abd7378c73..2160f1abf6 100644 --- a/modules/key-vault/vault/README.md +++ b/modules/key-vault/vault/README.md @@ -5,10 +5,10 @@ This module deploys a Key Vault. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -24,80 +24,27 @@ This module deploys a Key Vault. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Key Vault. Must be globally unique. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `accessPolicies` | array | `[]` | | All access policies to create. | -| `createMode` | string | `'default'` | | The vault's create mode to indicate whether the vault need to be recovered or not. - recover or default. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, AuditEvent, AzurePolicyEvaluationDetails]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. 
If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enablePurgeProtection` | bool | `True` | | Provide 'true' to enable Key Vault's purge protection feature. | -| `enableRbacAuthorization` | bool | `True` | | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC. | -| `enableSoftDelete` | bool | `True` | | Switch to enable/disable Key Vault's soft delete feature. | -| `enableVaultForDeployment` | bool | `True` | | Specifies if the vault is enabled for deployment by script or compute. | -| `enableVaultForDiskEncryption` | bool | `True` | | Specifies if the azure platform has access to the vault for enabling disk encryption scenarios. | -| `enableVaultForTemplateDeployment` | bool | `True` | | Specifies if the vault is enabled for a template deployment. | -| `keys` | array | `[]` | | All keys to create. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. 
| -| `networkAcls` | object | `{object}` | | Service endpoint object information. For security reasons, it is recommended to set the DefaultAction Deny. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `secrets` | secureObject | `{object}` | | All secrets to create. | -| `softDeleteRetentionInDays` | int | `90` | | softDelete data retention days. It accepts >=7 and <=90. | -| `tags` | object | `{object}` | | Resource tags. | -| `vaultSku` | string | `'premium'` | `[premium, standard]` | Specifies the SKU for the vault. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the key vault. | -| `resourceGroupName` | string | The name of the resource group the key vault was created in. | -| `resourceId` | string | The resource ID of the key vault. | -| `uri` | string | The URI of the key vault. 
| +## Usage examples -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Deployment examples +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/key-vault.vault:1.0.0`. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +- [Accesspolicies](#example-1-accesspolicies) +- [Using large parameter set](#example-2-using-large-parameter-set) +- [Using only defaults](#example-3-using-only-defaults) +- [Pe](#example-4-pe) -

Example 1: Accesspolicies

+### Example 1: _Accesspolicies_
via Bicep module ```bicep -module vault './key-vault/vault/main.bicep' = { +module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kvvap' params: { // Required parameters @@ -263,14 +210,17 @@ module vault './key-vault/vault/main.bicep' = {

-

Example 2: Common

+### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +
via Bicep module ```bicep -module vault './key-vault/vault/main.bicep' = { +module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kvvcom' params: { // Required parameters @@ -558,14 +508,17 @@ module vault './key-vault/vault/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module vault './key-vault/vault/main.bicep' = { +module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kvvmin' params: { // Required parameters @@ -607,14 +560,14 @@ module vault './key-vault/vault/main.bicep' = {

-

Example 4: Pe

+### Example 4: _Pe_
via Bicep module ```bicep -module vault './key-vault/vault/main.bicep' = { +module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kvvpe' params: { // Required parameters @@ -755,3 +708,263 @@ module vault './key-vault/vault/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Key Vault. Must be globally unique. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`accessPolicies`](#parameter-accesspolicies) | array | All access policies to create. | +| [`createMode`](#parameter-createmode) | string | The vault's create mode to indicate whether the vault need to be recovered or not. - recover or default. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. 
| +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enablePurgeProtection`](#parameter-enablepurgeprotection) | bool | Provide 'true' to enable Key Vault's purge protection feature. | +| [`enableRbacAuthorization`](#parameter-enablerbacauthorization) | bool | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC. | +| [`enableSoftDelete`](#parameter-enablesoftdelete) | bool | Switch to enable/disable Key Vault's soft delete feature. | +| [`enableVaultForDeployment`](#parameter-enablevaultfordeployment) | bool | Specifies if the vault is enabled for deployment by script or compute. | +| [`enableVaultForDiskEncryption`](#parameter-enablevaultfordiskencryption) | bool | Specifies if the azure platform has access to the vault for enabling disk encryption scenarios. | +| [`enableVaultForTemplateDeployment`](#parameter-enablevaultfortemplatedeployment) | bool | Specifies if the vault is enabled for a template deployment. | +| [`keys`](#parameter-keys) | array | All keys to create. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`networkAcls`](#parameter-networkacls) | object | Service endpoint object information. 
For security reasons, it is recommended to set the DefaultAction Deny. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`secrets`](#parameter-secrets) | secureObject | All secrets to create. | +| [`softDeleteRetentionInDays`](#parameter-softdeleteretentionindays) | int | softDelete data retention days. It accepts >=7 and <=90. | +| [`tags`](#parameter-tags) | object | Resource tags. | +| [`vaultSku`](#parameter-vaultsku) | string | Specifies the SKU for the vault. | + +### Parameter: `accessPolicies` + +All access policies to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `createMode` + +The vault's create mode to indicate whether the vault need to be recovered or not. - recover or default. +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, AuditEvent, AzurePolicyEvaluationDetails]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enablePurgeProtection` + +Provide 'true' to enable Key Vault's purge protection feature. 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableRbacAuthorization` + +Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableSoftDelete` + +Switch to enable/disable Key Vault's soft delete feature. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableVaultForDeployment` + +Specifies if the vault is enabled for deployment by script or compute. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableVaultForDiskEncryption` + +Specifies if the azure platform has access to the vault for enabling disk encryption scenarios. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableVaultForTemplateDeployment` + +Specifies if the vault is enabled for a template deployment. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keys` + +All keys to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Key Vault. Must be globally unique. +- Required: Yes +- Type: string + +### Parameter: `networkAcls` + +Service endpoint object information. For security reasons, it is recommended to set the DefaultAction Deny. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `secrets` + +All secrets to create. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `softDeleteRetentionInDays` + +softDelete data retention days. It accepts >=7 and <=90. +- Required: No +- Type: int +- Default: `90` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vaultSku` + +Specifies the SKU for the vault. +- Required: No +- Type: string +- Default: `'premium'` +- Allowed: `[premium, standard]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the key vault. | +| `resourceGroupName` | string | The name of the resource group the key vault was created in. | +| `resourceId` | string | The resource ID of the key vault. 
| +| `uri` | string | The URI of the key vault. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/key-vault/vault/access-policy/README.md b/modules/key-vault/vault/access-policy/README.md index 02445788a0..3cd899cab1 100644 --- a/modules/key-vault/vault/access-policy/README.md +++ b/modules/key-vault/vault/access-policy/README.md 
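Review bot: In the Usage examples section of modules/key-vault/vault/README.md, every example now reads `module vault 'br:bicep/modules/key-vault.vault:1.0.0'`, and the note above the examples presents that string as the syntax to use, but nothing in the README says where the `bicep` registry alias is defined or whether `1.0.0` is a published tag or a placeholder. Please state that next to the note, so a reader who copies an example knows which registry and version it will resolve to. Separately, examples 1 and 4 are still titled `Accesspolicies` and `Pe` and carry no description line; the test files behind them need the same `metadata name` / `metadata description` pair that the common and min test files receive in this change.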
@@ -19,21 +19,41 @@ This module deploys a Key Vault Access Policy. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `keyVaultName` | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | +| [`keyVaultName`](#parameter-keyvaultname) | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `accessPolicies` | array | `[]` | An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`accessPolicies`](#parameter-accesspolicies) | array | An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `accessPolicies` + +An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keyVaultName` + +The name of the parent key vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the access policies assignment. 
| | `resourceGroupName` | string | The name of the resource group the access policies assignment was created in. | diff --git a/modules/key-vault/vault/access-policy/main.json b/modules/key-vault/vault/access-policy/main.json index 6aab64e72c..ca9895ce0c 100644 --- a/modules/key-vault/vault/access-policy/main.json +++ b/modules/key-vault/vault/access-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10458348557666655329" + "version": "0.22.6.54827", + "templateHash": "2131300650084383528" }, "name": "Key Vault Access Policies", "description": "This module deploys a Key Vault Access Policy.", diff --git a/modules/key-vault/vault/key/README.md b/modules/key-vault/vault/key/README.md index fa6e94dc7b..df45c90f3d 100644 --- a/modules/key-vault/vault/key/README.md +++ b/modules/key-vault/vault/key/README.md 
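Review bot: In modules/key-vault/vault/access-policy/README.md, `keyVaultName` is listed under **Conditional parameters** with the description "Required if the template is used in a standalone deployment", yet its generated detail section says `- Required: Yes`. The two statements contradict each other; the generator should give conditional parameters their own value there (for example "Conditional") or repeat the condition. The `keyVaultName` section in modules/key-vault/vault/key/README.md has the same mismatch.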
@@ -21,36 +21,128 @@ This module deploys a Key Vault Key. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the key. | +| [`name`](#parameter-name) | string | The name of the key. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `keyVaultName` | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | +| [`keyVaultName`](#parameter-keyvaultname) | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `attributesEnabled` | bool | `True` | | Determines whether the object is enabled. | -| `attributesExp` | int | `-1` | | Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. | -| `attributesNbf` | int | `-1` | | Not before date in seconds since 1970-01-01T00:00:00Z. | -| `curveName` | string | `'P-256'` | `[P-256, P-256K, P-384, P-521]` | The elliptic curve name. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `keyOps` | array | `[]` | `[decrypt, encrypt, import, sign, unwrapKey, verify, wrapKey]` | Array of JsonWebKeyOperation. | -| `keySize` | int | `-1` | | The key size in bits. For example: 2048, 3072, or 4096 for RSA. | -| `kty` | string | `'EC'` | `[EC, EC-HSM, RSA, RSA-HSM]` | The type of the key. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `rotationPolicy` | object | `{object}` | | Key rotation policy properties object. | -| `tags` | object | `{object}` | | Resource tags. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`attributesEnabled`](#parameter-attributesenabled) | bool | Determines whether the object is enabled. | +| [`attributesExp`](#parameter-attributesexp) | int | Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. | +| [`attributesNbf`](#parameter-attributesnbf) | int | Not before date in seconds since 1970-01-01T00:00:00Z. | +| [`curveName`](#parameter-curvename) | string | The elliptic curve name. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`keyOps`](#parameter-keyops) | array | Array of JsonWebKeyOperation. | +| [`keySize`](#parameter-keysize) | int | The key size in bits. For example: 2048, 3072, or 4096 for RSA. | +| [`kty`](#parameter-kty) | string | The type of the key. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`rotationPolicy`](#parameter-rotationpolicy) | object | Key rotation policy properties object. | +| [`tags`](#parameter-tags) | object | Resource tags. 
| + +### Parameter: `attributesEnabled` + +Determines whether the object is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `attributesExp` + +Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `attributesNbf` + +Not before date in seconds since 1970-01-01T00:00:00Z. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `curveName` + +The elliptic curve name. +- Required: No +- Type: string +- Default: `'P-256'` +- Allowed: `[P-256, P-256K, P-384, P-521]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keyOps` + +Array of JsonWebKeyOperation. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[decrypt, encrypt, import, sign, unwrapKey, verify, wrapKey]` + +### Parameter: `keySize` + +The key size in bits. For example: 2048, 3072, or 4096 for RSA. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `keyVaultName` + +The name of the parent key vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `kty` + +The type of the key. +- Required: No +- Type: string +- Default: `'EC'` +- Allowed: `[EC, EC-HSM, RSA, RSA-HSM]` + +### Parameter: `name` + +The name of the key. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `rotationPolicy` + +Key rotation policy properties object. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the key. | | `resourceGroupName` | string | The name of the resource group the key was created in. | diff --git a/modules/key-vault/vault/key/main.json b/modules/key-vault/vault/key/main.json index 42b35d55cc..84cf8349fb 100644 --- a/modules/key-vault/vault/key/main.json +++ b/modules/key-vault/vault/key/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13427300513937033652" + "version": "0.22.6.54827", + "templateHash": "3444180240240001557" }, "name": "Key Vault Keys", "description": "This module deploys a Key Vault Key.", @@ -190,8 +190,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8510219443070850278" + "version": "0.22.6.54827", + "templateHash": "14547096535874536511" } }, "parameters": { diff --git a/modules/key-vault/vault/main.json b/modules/key-vault/vault/main.json index aafc3db6bd..c270216400 100644 --- a/modules/key-vault/vault/main.json +++ b/modules/key-vault/vault/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9452615051960144682" + "version": "0.22.6.54827", + "templateHash": "2257250292452239694" }, "name": "Key Vaults", "description": "This module deploys a Key Vault.", 
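Review bot: In modules/key-vault/vault/key/README.md, the new detail sections for `attributesExp`, `attributesNbf` and `keySize` give a default of `-1` without saying what that value means, and for `attributesExp` it sits directly under the recommendation to set an expiration date whenever possible. With the default column gone from the overview table, the parameter descriptions in the Bicep source should spell out the sentinel (for instance, whether `-1` leaves the key without an expiry) so that the generated section carries it.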
@@ -369,8 +369,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10458348557666655329" + "version": "0.22.6.54827", + "templateHash": "2131300650084383528" }, "name": "Key Vault Access Policies", "description": "This module deploys a Key Vault Access Policy.", @@ -504,8 +504,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4314059595515029873" + "version": "0.22.6.54827", + "templateHash": "15496955101876834904" }, "name": "Key Vault Secrets", "description": "This module deploys a Key Vault Secret.", @@ -644,8 +644,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15814620610091788537" + "version": "0.22.6.54827", + "templateHash": "17395736576734421648" } }, "parameters": { @@ -839,8 +839,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13427300513937033652" + "version": "0.22.6.54827", + "templateHash": "3444180240240001557" }, "name": "Key Vault Keys", "description": "This module deploys a Key Vault Key.", @@ -1025,8 +1025,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8510219443070850278" + "version": "0.22.6.54827", + "templateHash": "14547096535874536511" } }, "parameters": { @@ -1226,8 +1226,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1426,8 +1426,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", 
@@ -1564,8 +1564,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -1778,8 +1778,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12411629325302614699" + "version": "0.22.6.54827", + "templateHash": "13908410767908593601" } }, "parameters": { diff --git a/modules/key-vault/vault/secret/README.md b/modules/key-vault/vault/secret/README.md index 80f7173e8e..240a6475e6 100644 --- a/modules/key-vault/vault/secret/README.md +++ b/modules/key-vault/vault/secret/README.md 
@@ -20,33 +20,100 @@ This module deploys a Key Vault Secret. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the secret. | -| `value` | securestring | The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. | +| [`name`](#parameter-name) | string | The name of the secret. | +| [`value`](#parameter-value) | securestring | The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `keyVaultName` | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | +| [`keyVaultName`](#parameter-keyvaultname) | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `attributesEnabled` | bool | `True` | Determines whether the object is enabled. | -| `attributesExp` | int | `-1` | Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. | -| `attributesNbf` | int | `-1` | Not before date in seconds since 1970-01-01T00:00:00Z. | -| `contentType` | securestring | `''` | The content type of the secret. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | Resource tags. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`attributesEnabled`](#parameter-attributesenabled) | bool | Determines whether the object is enabled. | +| [`attributesExp`](#parameter-attributesexp) | int | Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. | +| [`attributesNbf`](#parameter-attributesnbf) | int | Not before date in seconds since 1970-01-01T00:00:00Z. | +| [`contentType`](#parameter-contenttype) | securestring | The content type of the secret. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `attributesEnabled` + +Determines whether the object is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `attributesExp` + +Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. 
+- Required: No +- Type: int +- Default: `-1` + +### Parameter: `attributesNbf` + +Not before date in seconds since 1970-01-01T00:00:00Z. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `contentType` + +The content type of the secret. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keyVaultName` + +The name of the parent key vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the secret. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `value` + +The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. +- Required: Yes +- Type: securestring ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the secret. | | `resourceGroupName` | string | The name of the resource group the secret was created in. | diff --git a/modules/key-vault/vault/secret/main.json b/modules/key-vault/vault/secret/main.json index ca6ad0a02c..07f0947902 100644 
--- a/modules/key-vault/vault/secret/main.json +++ b/modules/key-vault/vault/secret/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4314059595515029873" + "version": "0.22.6.54827", + "templateHash": "15496955101876834904" }, "name": "Key Vault Secrets", "description": "This module deploys a Key Vault Secret.", @@ -144,8 +144,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15814620610091788537" + "version": "0.22.6.54827", + "templateHash": "17395736576734421648" } }, "parameters": { diff --git a/modules/kubernetes-configuration/extension/.test/common/main.test.bicep b/modules/kubernetes-configuration/extension/.test/common/main.test.bicep index 377eeeb3c4..aed37f7e01 100644 --- a/modules/kubernetes-configuration/extension/.test/common/main.test.bicep +++ b/modules/kubernetes-configuration/extension/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/kubernetes-configuration/extension/.test/min/main.test.bicep b/modules/kubernetes-configuration/extension/.test/min/main.test.bicep index ba2461c5e6..e387fdf629 100644 --- a/modules/kubernetes-configuration/extension/.test/min/main.test.bicep +++ b/modules/kubernetes-configuration/extension/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/kubernetes-configuration/extension/README.md b/modules/kubernetes-configuration/extension/README.md index 5ea39db7e9..ced229237b 100644 --- a/modules/kubernetes-configuration/extension/README.md 
+++ b/modules/kubernetes-configuration/extension/README.md @@ -5,10 +5,10 @@ This module deploys a Kubernetes Configuration Extension. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -17,62 +17,28 @@ This module deploys a Kubernetes Configuration Extension. | `Microsoft.KubernetesConfiguration/extensions` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/extensions) | | `Microsoft.KubernetesConfiguration/fluxConfigurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/fluxConfigurations) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `clusterName` | string | The name of the AKS cluster that should be configured. | -| `extensionType` | string | Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher. | -| `name` | string | The name of the Flux Configuration. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `configurationProtectedSettings` | secureObject | `{object}` | Configuration settings that are sensitive, as name-value pairs for configuring this extension. | -| `configurationSettings` | object | `{object}` | Configuration settings, as name-value pairs for configuring this extension. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `fluxConfigurations` | array | `[]` | A list of flux configuraitons. | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `releaseNamespace` | string | `''` | Namespace where the extension Release must be placed, for a Cluster scoped extension. If this namespace does not exist, it will be created. | -| `releaseTrain` | string | `'Stable'` | ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion is "true". 
| -| `targetNamespace` | string | `''` | Namespace where the extension will be created for an Namespace scoped extension. If this namespace does not exist, it will be created. | -| `version` | string | `''` | Version of the extension for this extension, if it is "pinned" to a specific version. | - +## Usage examples -## Outputs +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the extension. | -| `resourceGroupName` | string | The name of the resource group the extension was deployed into. | -| `resourceId` | string | The resource ID of the extension. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `kubernetes-configuration/flux-configuration` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/kubernetes-configuration.extension:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
+This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module extension './kubernetes-configuration/extension/main.bicep' = { +module extension 'br:bicep/modules/kubernetes-configuration.extension:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kcecom' params: { // Required parameters @@ -176,14 +142,17 @@ module extension './kubernetes-configuration/extension/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module extension './kubernetes-configuration/extension/main.bicep' = { +module extension 'br:bicep/modules/kubernetes-configuration.extension:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kcemin' params: { // Required parameters @@ -236,3 +205,126 @@ module extension './kubernetes-configuration/extension/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`clusterName`](#parameter-clustername) | string | The name of the AKS cluster that should be configured. | +| [`extensionType`](#parameter-extensiontype) | string | Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher. | +| [`name`](#parameter-name) | string | The name of the Flux Configuration. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`configurationProtectedSettings`](#parameter-configurationprotectedsettings) | secureObject | Configuration settings that are sensitive, as name-value pairs for configuring this extension. | +| [`configurationSettings`](#parameter-configurationsettings) | object | Configuration settings, as name-value pairs for configuring this extension. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`fluxConfigurations`](#parameter-fluxconfigurations) | array | A list of flux configuraitons. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`releaseNamespace`](#parameter-releasenamespace) | string | Namespace where the extension Release must be placed, for a Cluster scoped extension. If this namespace does not exist, it will be created. | +| [`releaseTrain`](#parameter-releasetrain) | string | ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion is "true". | +| [`targetNamespace`](#parameter-targetnamespace) | string | Namespace where the extension will be created for an Namespace scoped extension. If this namespace does not exist, it will be created. 
| +| [`version`](#parameter-version) | string | Version of the extension for this extension, if it is "pinned" to a specific version. | + +### Parameter: `clusterName` + +The name of the AKS cluster that should be configured. +- Required: Yes +- Type: string + +### Parameter: `configurationProtectedSettings` + +Configuration settings that are sensitive, as name-value pairs for configuring this extension. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `configurationSettings` + +Configuration settings, as name-value pairs for configuring this extension. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `extensionType` + +Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher. +- Required: Yes +- Type: string + +### Parameter: `fluxConfigurations` + +A list of flux configuraitons. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the Flux Configuration. +- Required: Yes +- Type: string + +### Parameter: `releaseNamespace` + +Namespace where the extension Release must be placed, for a Cluster scoped extension. If this namespace does not exist, it will be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `releaseTrain` + +ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion is "true". +- Required: No +- Type: string +- Default: `'Stable'` + +### Parameter: `targetNamespace` + +Namespace where the extension will be created for an Namespace scoped extension. 
If this namespace does not exist, it will be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `version` + +Version of the extension for this extension, if it is "pinned" to a specific version. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the extension. | +| `resourceGroupName` | string | The name of the resource group the extension was deployed into. | +| `resourceId` | string | The resource ID of the extension. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/kubernetes-configuration/flux-configuration` | Local reference | diff --git a/modules/kubernetes-configuration/extension/main.json b/modules/kubernetes-configuration/extension/main.json index 59d2a7c481..f72a9dcfba 100644 --- a/modules/kubernetes-configuration/extension/main.json +++ b/modules/kubernetes-configuration/extension/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14913275975998013893" + "version": "0.22.6.54827", + "templateHash": "5002606439705018990" }, "name": "Kubernetes Configuration Extensions", "description": "This module deploys a Kubernetes Configuration Extension.", @@ -167,8 +167,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11648869363176032755" + "version": "0.22.6.54827", + "templateHash": "6686104224333946371" }, "name": "Kubernetes Configuration Flux Configurations", "description": "This module deploys a Kubernetes Configuration Flux Configuration.", 
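Review bot: In the `extension/README.md` hunk that precedes this file's diff, the regenerated text carries description defects over from the template and now prints each one twice (table row and `### Parameter:` section): `fluxConfigurations` reads "A list of flux configuraitons.", `targetNamespace` reads "for an Namespace scoped extension", and `name` is described as "The name of the Flux Configuration." while the Outputs table calls it "The name of the extension.". Since the ReadMe is generated, the fix belongs in the parameter descriptions of the module's Bicep template, followed by a regeneration, not in the README itself.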
diff --git a/modules/kubernetes-configuration/flux-configuration/.test/common/main.test.bicep b/modules/kubernetes-configuration/flux-configuration/.test/common/main.test.bicep index aca4b0de21..fc42c880db 100644 --- a/modules/kubernetes-configuration/flux-configuration/.test/common/main.test.bicep +++ b/modules/kubernetes-configuration/flux-configuration/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/kubernetes-configuration/flux-configuration/.test/min/main.test.bicep b/modules/kubernetes-configuration/flux-configuration/.test/min/main.test.bicep index 19c5b732e7..deffae3122 100644 --- a/modules/kubernetes-configuration/flux-configuration/.test/min/main.test.bicep +++ b/modules/kubernetes-configuration/flux-configuration/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/kubernetes-configuration/flux-configuration/README.md b/modules/kubernetes-configuration/flux-configuration/README.md index dec2c843cf..5e19132a78 100644 --- a/modules/kubernetes-configuration/flux-configuration/README.md +++ b/modules/kubernetes-configuration/flux-configuration/README.md @@ -5,10 +5,10 @@ This module deploys a Kubernetes Configuration Flux Configuration. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
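Review bot: The navigation entries in this hunk use mixed-case fragments (`#Resource-Types`, `#Usage-examples`), while the links generated elsewhere in this patch are lowercase (`#example-1-using-large-parameter-set`, `#parameter-clustername`). Generate the navigation fragments in lowercase as well, so all in-page links follow one convention and still resolve in renderers that match heading anchors case-sensitively.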
@@ -17,58 +17,28 @@ This module deploys a Kubernetes Configuration Flux Configuration. | :-- | :-- | | `Microsoft.KubernetesConfiguration/fluxConfigurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/fluxConfigurations) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `clusterName` | string | | The name of the AKS cluster that should be configured. | -| `name` | string | | The name of the Flux Configuration. | -| `namespace` | string | | The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters, hyphen and period only. | -| `scope` | string | `[cluster, namespace]` | Scope at which the configuration will be installed. | -| `sourceKind` | string | `[Bucket, GitRepository]` | Source Kind to pull the configuration data from. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `bucket` | object | `{object}` | Parameters to reconcile to the GitRepository source kind type. | -| `configurationProtectedSettings` | secureObject | `{object}` | Key-value pairs of protected configuration settings for the configuration. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `gitRepository` | object | `{object}` | Parameters to reconcile to the GitRepository source kind type. | -| `kustomizations` | object | `{object}` | Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster. | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `suspend` | bool | `False` | Whether this configuration should suspend its reconciliation of its kustomizations and sources. 
| - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the flux configuration. | -| `resourceGroupName` | string | The name of the resource group the flux configuration was deployed into. | -| `resourceId` | string | The resource ID of the flux configuration. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/kubernetes-configuration.flux-configuration:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module fluxConfiguration './kubernetes-configuration/flux-configuration/main.bicep' = { +module fluxConfiguration 'br:bicep/modules/kubernetes-configuration.flux-configuration:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kcfccom' params: { // Required parameters @@ -160,14 +130,17 @@ module fluxConfiguration './kubernetes-configuration/flux-configuration/main.bic

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module fluxConfiguration './kubernetes-configuration/flux-configuration/main.bicep' = { +module fluxConfiguration 'br:bicep/modules/kubernetes-configuration.flux-configuration:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kcfcmin' params: { // Required parameters @@ -238,6 +211,124 @@ module fluxConfiguration './kubernetes-configuration/flux-configuration/main.bic

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`clusterName`](#parameter-clustername) | string | The name of the AKS cluster that should be configured. | +| [`name`](#parameter-name) | string | The name of the Flux Configuration. | +| [`namespace`](#parameter-namespace) | string | The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters, hyphen and period only. | +| [`scope`](#parameter-scope) | string | Scope at which the configuration will be installed. | +| [`sourceKind`](#parameter-sourcekind) | string | Source Kind to pull the configuration data from. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`bucket`](#parameter-bucket) | object | Parameters to reconcile to the GitRepository source kind type. | +| [`configurationProtectedSettings`](#parameter-configurationprotectedsettings) | secureObject | Key-value pairs of protected configuration settings for the configuration. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`gitRepository`](#parameter-gitrepository) | object | Parameters to reconcile to the GitRepository source kind type. | +| [`kustomizations`](#parameter-kustomizations) | object | Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`suspend`](#parameter-suspend) | bool | Whether this configuration should suspend its reconciliation of its kustomizations and sources. | + +### Parameter: `bucket` + +Parameters to reconcile to the GitRepository source kind type. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `clusterName` + +The name of the AKS cluster that should be configured. 
+- Required: Yes +- Type: string + +### Parameter: `configurationProtectedSettings` + +Key-value pairs of protected configuration settings for the configuration. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `gitRepository` + +Parameters to reconcile to the GitRepository source kind type. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `kustomizations` + +Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the Flux Configuration. +- Required: Yes +- Type: string + +### Parameter: `namespace` + +The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters, hyphen and period only. +- Required: Yes +- Type: string + +### Parameter: `scope` + +Scope at which the configuration will be installed. +- Required: Yes +- Type: string +- Allowed: `[cluster, namespace]` + +### Parameter: `sourceKind` + +Source Kind to pull the configuration data from. +- Required: Yes +- Type: string +- Allowed: `[Bucket, GitRepository]` + +### Parameter: `suspend` + +Whether this configuration should suspend its reconciliation of its kustomizations and sources. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the flux configuration. | +| `resourceGroupName` | string | The name of the resource group the flux configuration was deployed into. | +| `resourceId` | string | The resource ID of the flux configuration. 
| + +## Cross-referenced modules + +_None_ + ## Notes ### Prerequisites diff --git a/modules/kubernetes-configuration/flux-configuration/main.json b/modules/kubernetes-configuration/flux-configuration/main.json index 2615f2ccce..252df520e1 100644 --- a/modules/kubernetes-configuration/flux-configuration/main.json +++ b/modules/kubernetes-configuration/flux-configuration/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11648869363176032755" + "version": "0.22.6.54827", + "templateHash": "6686104224333946371" }, "name": "Kubernetes Configuration Flux Configurations", "description": "This module deploys a Kubernetes Configuration Flux Configuration.", diff --git a/modules/logic/workflow/.test/common/main.test.bicep b/modules/logic/workflow/.test/common/main.test.bicep index 743b19f8a1..80c5e688ac 100644 --- a/modules/logic/workflow/.test/common/main.test.bicep +++ b/modules/logic/workflow/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/logic/workflow/README.md b/modules/logic/workflow/README.md index fcf3c02ae4..19d3961c81 100644 --- a/modules/logic/workflow/README.md +++ b/modules/logic/workflow/README.md @@ -4,14 +4,14 @@ This module deploys a Logic App (Workflow). ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,78 +20,27 @@ This module deploys a Logic App (Workflow). | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Logic/workflows` | [2019-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Logic/2019-05-01/workflows) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The logic app workflow name. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/logic.workflow:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `actionsAccessControlConfiguration` | object | `{object}` | | The access control configuration for workflow actions. | -| `connectorEndpointsConfiguration` | object | `{object}` | | The endpoints configuration: Access endpoint and outgoing IP addresses for the connector. | -| `contentsAccessControlConfiguration` | object | `{object}` | | The access control configuration for accessing workflow run contents. | -| `definitionParameters` | object | `{object}` | | Parameters for the definition template. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. 
Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, WorkflowRuntime]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `integrationAccount` | object | `{object}` | | The integration account. | -| `integrationServiceEnvironmentResourceId` | string | `''` | | The integration service environment Id. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `state` | string | `'Enabled'` | `[Completed, Deleted, Disabled, Enabled, NotSpecified, Suspended]` | The state. - NotSpecified, Completed, Enabled, Disabled, Deleted, Suspended. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. 
| -| `tags` | object | `{object}` | | Tags of the resource. | -| `triggersAccessControlConfiguration` | object | `{object}` | | The access control configuration for invoking workflow triggers. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `workflowActions` | object | `{object}` | | The definitions for one or more actions to execute at workflow runtime. | -| `workflowEndpointsConfiguration` | object | `{object}` | | The endpoints configuration: Access endpoint and outgoing IP addresses for the workflow. | -| `workflowManagementAccessControlConfiguration` | object | `{object}` | | The access control configuration for workflow management. | -| `workflowOutputs` | object | `{object}` | | The definitions for the outputs to return from a workflow run. | -| `workflowParameters` | object | `{object}` | | The definitions for one or more parameters that pass the values to use at your logic app's runtime. | -| `workflowStaticResults` | object | `{object}` | | The definitions for one or more static results returned by actions as mock outputs when static results are enabled on those actions. In each action definition, the runtimeConfiguration.staticResult.name attribute references the corresponding definition inside staticResults. | -| `workflowTriggers` | object | `{object}` | | The definitions for one or more triggers that instantiate your workflow. You can define more than one trigger, but only with the Workflow Definition Language, not visually through the Logic Apps Designer. | +- [Using large parameter set](#example-1-using-large-parameter-set) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the logic app. 
| -| `resourceGroupName` | string | The resource group the logic app was deployed into. | -| `resourceId` | string | The resource ID of the logic app. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module workflow './logic/workflow/main.bicep' = { +module workflow 'br:bicep/modules/logic.workflow:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-lwcom' params: { // Required parameters @@ -256,6 +205,276 @@ module workflow './logic/workflow/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The logic app workflow name. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actionsAccessControlConfiguration`](#parameter-actionsaccesscontrolconfiguration) | object | The access control configuration for workflow actions. | +| [`connectorEndpointsConfiguration`](#parameter-connectorendpointsconfiguration) | object | The endpoints configuration: Access endpoint and outgoing IP addresses for the connector. | +| [`contentsAccessControlConfiguration`](#parameter-contentsaccesscontrolconfiguration) | object | The access control configuration for accessing workflow run contents. | +| [`definitionParameters`](#parameter-definitionparameters) | object | Parameters for the definition template. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". 
| +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`integrationAccount`](#parameter-integrationaccount) | object | The integration account. | +| [`integrationServiceEnvironmentResourceId`](#parameter-integrationserviceenvironmentresourceid) | string | The integration service environment Id. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`state`](#parameter-state) | string | The state. - NotSpecified, Completed, Enabled, Disabled, Deleted, Suspended. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`triggersAccessControlConfiguration`](#parameter-triggersaccesscontrolconfiguration) | object | The access control configuration for invoking workflow triggers. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`workflowActions`](#parameter-workflowactions) | object | The definitions for one or more actions to execute at workflow runtime. 
| +| [`workflowEndpointsConfiguration`](#parameter-workflowendpointsconfiguration) | object | The endpoints configuration: Access endpoint and outgoing IP addresses for the workflow. | +| [`workflowManagementAccessControlConfiguration`](#parameter-workflowmanagementaccesscontrolconfiguration) | object | The access control configuration for workflow management. | +| [`workflowOutputs`](#parameter-workflowoutputs) | object | The definitions for the outputs to return from a workflow run. | +| [`workflowParameters`](#parameter-workflowparameters) | object | The definitions for one or more parameters that pass the values to use at your logic app's runtime. | +| [`workflowStaticResults`](#parameter-workflowstaticresults) | object | The definitions for one or more static results returned by actions as mock outputs when static results are enabled on those actions. In each action definition, the runtimeConfiguration.staticResult.name attribute references the corresponding definition inside staticResults. | +| [`workflowTriggers`](#parameter-workflowtriggers) | object | The definitions for one or more triggers that instantiate your workflow. You can define more than one trigger, but only with the Workflow Definition Language, not visually through the Logic Apps Designer. | + +### Parameter: `actionsAccessControlConfiguration` + +The access control configuration for workflow actions. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `connectorEndpointsConfiguration` + +The endpoints configuration: Access endpoint and outgoing IP addresses for the connector. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `contentsAccessControlConfiguration` + +The access control configuration for accessing workflow run contents. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `definitionParameters` + +Parameters for the definition template. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, WorkflowRuntime]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `integrationAccount` + +The integration account. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `integrationServiceEnvironmentResourceId` + +The integration service environment Id. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The logic app workflow name. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `state` + +The state. - NotSpecified, Completed, Enabled, Disabled, Deleted, Suspended. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Completed, Deleted, Disabled, Enabled, NotSpecified, Suspended]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `triggersAccessControlConfiguration` + +The access control configuration for invoking workflow triggers. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowActions` + +The definitions for one or more actions to execute at workflow runtime. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowEndpointsConfiguration` + +The endpoints configuration: Access endpoint and outgoing IP addresses for the workflow. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowManagementAccessControlConfiguration` + +The access control configuration for workflow management. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowOutputs` + +The definitions for the outputs to return from a workflow run. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowParameters` + +The definitions for one or more parameters that pass the values to use at your logic app's runtime. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowStaticResults` + +The definitions for one or more static results returned by actions as mock outputs when static results are enabled on those actions. In each action definition, the runtimeConfiguration.staticResult.name attribute references the corresponding definition inside staticResults. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowTriggers` + +The definitions for one or more triggers that instantiate your workflow. You can define more than one trigger, but only with the Workflow Definition Language, not visually through the Logic Apps Designer. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the logic app. | +| `resourceGroupName` | string | The resource group the logic app was deployed into. | +| `resourceId` | string | The resource ID of the logic app. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage `AccessControlConfiguration` diff --git a/modules/logic/workflow/main.json b/modules/logic/workflow/main.json index b2670cf85d..dde2332a12 100644 --- a/modules/logic/workflow/main.json +++ b/modules/logic/workflow/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2324052045076799122" + "version": "0.22.6.54827", + "templateHash": "4385100753259148556" }, "name": "Logic Apps (Workflows)", "description": "This module deploys a Logic App (Workflow).", @@ -385,8 +385,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13203827803656665166" + "version": "0.22.6.54827", + "templateHash": "4086758110722720032" } }, "parameters": { diff --git a/modules/machine-learning-services/workspace/.test/common/main.test.bicep b/modules/machine-learning-services/workspace/.test/common/main.test.bicep index a50621023c..1955aee361 100644 --- a/modules/machine-learning-services/workspace/.test/common/main.test.bicep +++ b/modules/machine-learning-services/workspace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/machine-learning-services/workspace/.test/min/main.test.bicep b/modules/machine-learning-services/workspace/.test/min/main.test.bicep index 302c8cef36..65a73dfd4d 100644 --- a/modules/machine-learning-services/workspace/.test/min/main.test.bicep +++ b/modules/machine-learning-services/workspace/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/machine-learning-services/workspace/README.md b/modules/machine-learning-services/workspace/README.md index 78eb3c9e54..ff8b39bf37 100644 --- a/modules/machine-learning-services/workspace/README.md +++ b/modules/machine-learning-services/workspace/README.md 
@@ -4,14 +4,14 @@ This module deploys a Machine Learning Services Workspace. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
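Review bot: The Navigation entry and heading changed here to `[Resource Types](#Resource-Types)` / `## Resource Types` are title-case with a mixed-case fragment, while every other entry in the same list stays sentence-case (`Usage examples`, `Cross-referenced modules`) and the example and parameter links added later in this file use lower-case fragments such as `#example-1-using-large-parameter-set` and `#parameter-name`. Pick one convention in the generator (lower-case fragments match the other links it now emits) so the navigation does not depend on the renderer resolving fragments case-insensitively.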
@@ -23,92 +23,29 @@ This module deploys a Machine Learning Services Workspace. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `associatedApplicationInsightsResourceId` | string | | The resource ID of the associated Application Insights. | -| `associatedKeyVaultResourceId` | string | | The resource ID of the associated Key Vault. | -| `associatedStorageAccountResourceId` | string | | The resource ID of the associated Storage Account. | -| `name` | string | | The name of the machine learning workspace. | -| `sku` | string | `[Basic, Free, Premium, Standard]` | Specifies the SKU, also referred as 'edition' of the Azure Machine Learning workspace. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `primaryUserAssignedIdentity` | string | `''` | The user assigned identity resource ID that represents the workspace identity. Required if 'userAssignedIdentities' is not empty and may not be used if 'systemAssignedIdentity' is enabled. | -| `systemAssignedIdentity` | bool | `False` | Enables system assigned managed identity on the resource. Required if `userAssignedIdentities` is not provided. | -| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. Required if `systemAssignedIdentity` is set to false. 
| - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowPublicAccessWhenBehindVnet` | bool | `False` | | The flag to indicate whether to allow public access when behind VNet. | -| `associatedContainerRegistryResourceId` | string | `''` | | The resource ID of the associated Container Registry. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | | User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. | -| `computes` | array | `[]` | | Computes to create respectively attach to the workspace. | -| `description` | string | `''` | | The description of this workspace. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, AmlComputeClusterEvent, AmlComputeClusterNodeEvent, AmlComputeCpuGpuUtilization, AmlComputeJobEvent, AmlRunStatusChangedEvent]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. 
| -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `discoveryUrl` | string | `''` | | URL for the discovery service to identify regional endpoints for machine learning experimentation services. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `hbiWorkspace` | bool | `False` | | The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service. | -| `imageBuildCompute` | string | `''` | | The compute name for image build. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serviceManagedResourcesSettings` | object | `{object}` | | The service managed resource settings. 
| -| `sharedPrivateLinkResources` | array | `[]` | | The list of shared private link resources in this workspace. | -| `tags` | object | `{object}` | | Resource tags. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the machine learning service. | -| `principalId` | string | The principal ID of the system assigned identity. | -| `resourceGroupName` | string | The resource group the machine learning service was deployed into. | -| `resourceId` | string | The resource ID of the machine learning service. | +## Usage examples -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/machine-learning-services.workspace:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module workspace './machine-learning-services/workspace/main.bicep' = { +module workspace 'br:bicep/modules/machine-learning-services.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mlswcom' params: { // Required parameters @@ -334,14 +271,14 @@ module workspace './machine-learning-services/workspace/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module workspace './machine-learning-services/workspace/main.bicep' = { +module workspace 'br:bicep/modules/machine-learning-services.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mlswecr' params: { // Required parameters @@ -469,14 +406,17 @@ module workspace './machine-learning-services/workspace/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module workspace './machine-learning-services/workspace/main.bicep' = { +module workspace 'br:bicep/modules/machine-learning-services.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mlswmin' params: { // Required parameters @@ -535,6 +475,322 @@ module workspace './machine-learning-services/workspace/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`associatedApplicationInsightsResourceId`](#parameter-associatedapplicationinsightsresourceid) | string | The resource ID of the associated Application Insights. | +| [`associatedKeyVaultResourceId`](#parameter-associatedkeyvaultresourceid) | string | The resource ID of the associated Key Vault. | +| [`associatedStorageAccountResourceId`](#parameter-associatedstorageaccountresourceid) | string | The resource ID of the associated Storage Account. | +| [`name`](#parameter-name) | string | The name of the machine learning workspace. | +| [`sku`](#parameter-sku) | string | Specifies the SKU, also referred as 'edition' of the Azure Machine Learning workspace. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`primaryUserAssignedIdentity`](#parameter-primaryuserassignedidentity) | string | The user assigned identity resource ID that represents the workspace identity. Required if 'userAssignedIdentities' is not empty and may not be used if 'systemAssignedIdentity' is enabled. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. Required if `userAssignedIdentities` is not provided. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if `systemAssignedIdentity` is set to false. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowPublicAccessWhenBehindVnet`](#parameter-allowpublicaccesswhenbehindvnet) | bool | The flag to indicate whether to allow public access when behind VNet. 
| +| [`associatedContainerRegistryResourceId`](#parameter-associatedcontainerregistryresourceid) | string | The resource ID of the associated Container Registry. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. | +| [`computes`](#parameter-computes) | array | Computes to create respectively attach to the workspace. | +| [`description`](#parameter-description) | string | The description of this workspace. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". 
| +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`discoveryUrl`](#parameter-discoveryurl) | string | URL for the discovery service to identify regional endpoints for machine learning experimentation services. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`hbiWorkspace`](#parameter-hbiworkspace) | bool | The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service. | +| [`imageBuildCompute`](#parameter-imagebuildcompute) | string | The compute name for image build. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| +| [`serviceManagedResourcesSettings`](#parameter-servicemanagedresourcessettings) | object | The service managed resource settings. | +| [`sharedPrivateLinkResources`](#parameter-sharedprivatelinkresources) | array | The list of shared private link resources in this workspace. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `allowPublicAccessWhenBehindVnet` + +The flag to indicate whether to allow public access when behind VNet. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `associatedApplicationInsightsResourceId` + +The resource ID of the associated Application Insights. +- Required: Yes +- Type: string + +### Parameter: `associatedContainerRegistryResourceId` + +The resource ID of the associated Container Registry. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `associatedKeyVaultResourceId` + +The resource ID of the associated Key Vault. +- Required: Yes +- Type: string + +### Parameter: `associatedStorageAccountResourceId` + +The resource ID of the associated Storage Account. +- Required: Yes +- Type: string + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `computes` + +Computes to create respectively attach to the workspace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +The description of this workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, AmlComputeClusterEvent, AmlComputeClusterNodeEvent, AmlComputeCpuGpuUtilization, AmlComputeJobEvent, AmlRunStatusChangedEvent]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `discoveryUrl` + +URL for the discovery service to identify regional endpoints for machine learning experimentation services. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hbiWorkspace` + +The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `imageBuildCompute` + +The compute name for image build. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the machine learning workspace. +- Required: Yes +- Type: string + +### Parameter: `primaryUserAssignedIdentity` + +The user assigned identity resource ID that represents the workspace identity. Required if 'userAssignedIdentities' is not empty and may not be used if 'systemAssignedIdentity' is enabled. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceManagedResourcesSettings` + +The service managed resource settings. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `sharedPrivateLinkResources` + +The list of shared private link resources in this workspace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +Specifies the SKU, also referred as 'edition' of the Azure Machine Learning workspace. +- Required: Yes +- Type: string +- Allowed: `[Basic, Free, Premium, Standard]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. Required if `userAssignedIdentities` is not provided. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. Required if `systemAssignedIdentity` is set to false. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the machine learning service. | +| `principalId` | string | The principal ID of the system assigned identity. | +| `resourceGroupName` | string | The resource group the machine learning service was deployed into. 
| +| `resourceId` | string | The resource ID of the machine learning service. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + ## Notes ### Parameter Usage: `computes` diff --git a/modules/machine-learning-services/workspace/compute/README.md b/modules/machine-learning-services/workspace/compute/README.md index 2c65c0486b..78fb6a7eee 100644 --- a/modules/machine-learning-services/workspace/compute/README.md +++ b/modules/machine-learning-services/workspace/compute/README.md 
@@ -21,38 +21,142 @@ Attaching a compute is not idempotent and will fail in case you try to redeploy **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `computeType` | string | `[AKS, AmlCompute, ComputeInstance, Databricks, DataFactory, DataLakeAnalytics, HDInsight, Kubernetes, SynapseSpark, VirtualMachine]` | Set the object type. | -| `name` | string | | Name of the compute. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`computeType`](#parameter-computetype) | string | Set the object type. | +| [`name`](#parameter-name) | string | Name of the compute. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `machineLearningWorkspaceName` | string | The name of the parent Machine Learning Workspace. Required if the template is used in a standalone deployment. | +| [`machineLearningWorkspaceName`](#parameter-machinelearningworkspacename) | string | The name of the parent Machine Learning Workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `computeLocation` | string | `[resourceGroup().location]` | | Location for the underlying compute. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | -| `deployCompute` | bool | `True` | | Flag to specify whether to deploy the compute. Required only for attach (i.e. providing a resource ID), as in this case the operation is not idempotent, i.e. a second deployment will fail. Therefore, this flag needs to be set to "false" as long as the compute resource exists. | -| `description` | string | `''` | | The description of the Machine Learning compute. | -| `disableLocalAuth` | bool | `False` | | Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Specifies the location of the resource. | -| `properties` | object | `{object}` | | The properties of the compute. Will be ignored in case "resourceId" is set. | -| `resourceId` | string | `''` | | ARM resource ID of the underlying compute. | -| `sku` | string | `''` | `['', Basic, Free, Premium, Standard]` | Specifies the sku, also referred as "edition". Required for creating a compute resource. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | -| `tags` | object | `{object}` | | Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`computeLocation`](#parameter-computelocation) | string | Location for the underlying compute. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | +| [`deployCompute`](#parameter-deploycompute) | bool | Flag to specify whether to deploy the compute. Required only for attach (i.e. providing a resource ID), as in this case the operation is not idempotent, i.e. a second deployment will fail. Therefore, this flag needs to be set to "false" as long as the compute resource exists. | +| [`description`](#parameter-description) | string | The description of the Machine Learning compute. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Specifies the location of the resource. | +| [`properties`](#parameter-properties) | object | The properties of the compute. Will be ignored in case "resourceId" is set. | +| [`resourceId`](#parameter-resourceid) | string | ARM resource ID of the underlying compute. | +| [`sku`](#parameter-sku) | string | Specifies the sku, also referred as "edition". Required for creating a compute resource. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | +| [`tags`](#parameter-tags) | object | Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | + +### Parameter: `computeLocation` + +Location for the underlying compute. Ignored when attaching a compute resource, i.e. when you provide a resource ID. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `computeType` + +Set the object type. +- Required: Yes +- Type: string +- Allowed: `[AKS, AmlCompute, ComputeInstance, Databricks, DataFactory, DataLakeAnalytics, HDInsight, Kubernetes, SynapseSpark, VirtualMachine]` + +### Parameter: `deployCompute` + +Flag to specify whether to deploy the compute. Required only for attach (i.e. providing a resource ID), as in this case the operation is not idempotent, i.e. a second deployment will fail. Therefore, this flag needs to be set to "false" as long as the compute resource exists. 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `description` + +The description of the Machine Learning compute. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Specifies the location of the resource. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `machineLearningWorkspaceName` + +The name of the parent Machine Learning Workspace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the compute. +- Required: Yes +- Type: string + +### Parameter: `properties` + +The properties of the compute. Will be ignored in case "resourceId" is set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `resourceId` + +ARM resource ID of the underlying compute. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sku` + +Specifies the sku, also referred as "edition". Required for creating a compute resource. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Basic, Free, Premium, Standard]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. 
Ignored when attaching a compute resource, i.e. when you provide a resource ID. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the compute. | diff --git a/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep b/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep index 5206cb44e2..4606ff4c70 100644 --- a/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep +++ b/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/maintenance/maintenance-configuration/.test/min/main.test.bicep b/modules/maintenance/maintenance-configuration/.test/min/main.test.bicep index 3b9ba0d973..1120f4565b 100644 --- a/modules/maintenance/maintenance-configuration/.test/min/main.test.bicep +++ b/modules/maintenance/maintenance-configuration/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/maintenance/maintenance-configuration/README.md b/modules/maintenance/maintenance-configuration/README.md index 550d69eb48..75f6334537 100644 --- a/modules/maintenance/maintenance-configuration/README.md +++ b/modules/maintenance/maintenance-configuration/README.md 
@@ -5,10 +5,10 @@ This module deploys a Maintenance Configuration. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,59 +18,28 @@ This module deploys a Maintenance Configuration. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Maintenance/maintenanceConfigurations` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Maintenance/2023-04-01/maintenanceConfigurations) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Maintenance Configuration Name. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `extensionProperties` | object | `{object}` | | Gets or sets extensionProperties of the maintenanceConfiguration. | -| `installPatches` | object | `{object}` | | Configuration settings for VM guest patching with Azure Update Manager. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maintenanceScope` | string | `'Host'` | `[Extension, Host, InGuestPatch, OSImage, SQLDB, SQLManagedInstance]` | Gets or sets maintenanceScope of the configuration. | -| `maintenanceWindow` | object | `{object}` | | Definition of a MaintenanceWindow. | -| `namespace` | string | `''` | | Gets or sets namespace of the resource. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Gets or sets tags of the resource. | -| `visibility` | string | `''` | `['', Custom, Public]` | Gets or sets the visibility of the configuration. The default value is 'Custom'. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the Maintenance Configuration was created in. | -| `name` | string | The name of the Maintenance Configuration. | -| `resourceGroupName` | string | The name of the resource group the Maintenance Configuration was created in. | -| `resourceId` | string | The resource ID of the Maintenance Configuration. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/maintenance.maintenance-configuration:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module maintenanceConfiguration './maintenance/maintenance-configuration/main.bicep' = { +module maintenanceConfiguration 'br:bicep/modules/maintenance.maintenance-configuration:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mmccom' params: { // Required parameters @@ -210,14 +179,17 @@ module maintenanceConfiguration './maintenance/maintenance-configuration/main.bi

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module maintenanceConfiguration './maintenance/maintenance-configuration/main.bicep' = { +module maintenanceConfiguration 'br:bicep/modules/maintenance.maintenance-configuration:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mmcmin' params: { // Required parameters @@ -254,3 +226,128 @@ module maintenanceConfiguration './maintenance/maintenance-configuration/main.bi

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Maintenance Configuration Name. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`extensionProperties`](#parameter-extensionproperties) | object | Gets or sets extensionProperties of the maintenanceConfiguration. | +| [`installPatches`](#parameter-installpatches) | object | Configuration settings for VM guest patching with Azure Update Manager. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maintenanceScope`](#parameter-maintenancescope) | string | Gets or sets maintenanceScope of the configuration. | +| [`maintenanceWindow`](#parameter-maintenancewindow) | object | Definition of a MaintenanceWindow. | +| [`namespace`](#parameter-namespace) | string | Gets or sets namespace of the resource. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Gets or sets tags of the resource. | +| [`visibility`](#parameter-visibility) | string | Gets or sets the visibility of the configuration. The default value is 'Custom'. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `extensionProperties` + +Gets or sets extensionProperties of the maintenanceConfiguration. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `installPatches` + +Configuration settings for VM guest patching with Azure Update Manager. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maintenanceScope` + +Gets or sets maintenanceScope of the configuration. +- Required: No +- Type: string +- Default: `'Host'` +- Allowed: `[Extension, Host, InGuestPatch, OSImage, SQLDB, SQLManagedInstance]` + +### Parameter: `maintenanceWindow` + +Definition of a MaintenanceWindow. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Maintenance Configuration Name. +- Required: Yes +- Type: string + +### Parameter: `namespace` + +Gets or sets namespace of the resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Gets or sets tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `visibility` + +Gets or sets the visibility of the configuration. The default value is 'Custom'. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Custom, Public]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the Maintenance Configuration was created in. | +| `name` | string | The name of the Maintenance Configuration. | +| `resourceGroupName` | string | The name of the resource group the Maintenance Configuration was created in. | +| `resourceId` | string | The resource ID of the Maintenance Configuration. | + +## Cross-referenced modules + +_None_ diff --git a/modules/maintenance/maintenance-configuration/main.json b/modules/maintenance/maintenance-configuration/main.json index fa8b75249d..1215f56f14 100644 --- a/modules/maintenance/maintenance-configuration/main.json +++ b/modules/maintenance/maintenance-configuration/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11249408608442094590" + "version": "0.22.6.54827", + "templateHash": "2646666210857505384" }, "name": "Maintenance Configurations", "description": "This module deploys a Maintenance Configuration.", @@ -192,8 +192,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13667533049136172110" + "version": "0.22.6.54827", + "templateHash": "17730168206359180764" } }, "parameters": { diff --git a/modules/managed-identity/user-assigned-identity/.test/common/main.test.bicep b/modules/managed-identity/user-assigned-identity/.test/common/main.test.bicep index 35e152866a..d99f3b2a60 100644 --- a/modules/managed-identity/user-assigned-identity/.test/common/main.test.bicep +++ b/modules/managed-identity/user-assigned-identity/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // 
diff --git a/modules/managed-identity/user-assigned-identity/.test/min/main.test.bicep b/modules/managed-identity/user-assigned-identity/.test/min/main.test.bicep index 95ed7da3d2..4a83660c9c 100644 --- a/modules/managed-identity/user-assigned-identity/.test/min/main.test.bicep +++ b/modules/managed-identity/user-assigned-identity/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/managed-identity/user-assigned-identity/README.md b/modules/managed-identity/user-assigned-identity/README.md index 5a4b75c1b9..bcf7800957 100644 --- a/modules/managed-identity/user-assigned-identity/README.md +++ b/modules/managed-identity/user-assigned-identity/README.md @@ -4,13 +4,13 @@ This module deploys a User Assigned Identity. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -19,51 +19,28 @@ This module deploys a User Assigned Identity. | `Microsoft.ManagedIdentity/userAssignedIdentities` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2023-01-31/userAssignedIdentities) | | `Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2023-01-31/userAssignedIdentities/federatedIdentityCredentials) | -## Parameters - -**Optional parameters** +## Usage examples -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `federatedIdentityCredentials` | array | `[]` | | The federated identity credentials list to indicate which token from the external IdP should be trusted by your application. Federated identity credentials are supported on applications only. A maximum of 20 federated identity credentials can be added per application object. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `name` | string | `[guid(resourceGroup().id)]` | | Name of the User Assigned Identity. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. 
For a full reference, please review the module's test folder in its repository. +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `clientId` | string | The client ID (application ID) of the user assigned identity. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the user assigned identity. | -| `principalId` | string | The principal ID (object ID) of the user assigned identity. | -| `resourceGroupName` | string | The resource group the user assigned identity was deployed into. | -| `resourceId` | string | The resource ID of the user assigned identity. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/managed-identity.user-assigned-identity:1.0.0`. -## Cross-referenced modules +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -_None_ +### Example 1: _Using large parameter set_ -## Deployment examples +This instance deploys the module with most of its features enabled. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module userAssignedIdentity './managed-identity/user-assigned-identity/main.bicep' = { +module userAssignedIdentity 'br:bicep/modules/managed-identity.user-assigned-identity:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-miuaicom' params: { enableDefaultTelemetry: '' @@ -155,14 +132,17 @@ module userAssignedIdentity './managed-identity/user-assigned-identity/main.bice

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module userAssignedIdentity './managed-identity/user-assigned-identity/main.bicep' = { +module userAssignedIdentity 'br:bicep/modules/managed-identity.user-assigned-identity:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-miuaimin' params: { enableDefaultTelemetry: '' @@ -191,3 +171,84 @@ module userAssignedIdentity './managed-identity/user-assigned-identity/main.bice

+ + +## Parameters + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`federatedIdentityCredentials`](#parameter-federatedidentitycredentials) | array | The federated identity credentials list to indicate which token from the external IdP should be trusted by your application. Federated identity credentials are supported on applications only. A maximum of 20 federated identity credentials can be added per application object. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`name`](#parameter-name) | string | Name of the User Assigned Identity. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `federatedIdentityCredentials` + +The federated identity credentials list to indicate which token from the external IdP should be trusted by your application. Federated identity credentials are supported on applications only. A maximum of 20 federated identity credentials can be added per application object. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the User Assigned Identity. +- Required: No +- Type: string +- Default: `[guid(resourceGroup().id)]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `clientId` | string | The client ID (application ID) of the user assigned identity. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the user assigned identity. | +| `principalId` | string | The principal ID (object ID) of the user assigned identity. | +| `resourceGroupName` | string | The resource group the user assigned identity was deployed into. | +| `resourceId` | string | The resource ID of the user assigned identity. | + +## Cross-referenced modules + +_None_ diff --git a/modules/managed-identity/user-assigned-identity/federated-identity-credential/README.md b/modules/managed-identity/user-assigned-identity/federated-identity-credential/README.md index 0405906384..ab9e7a346f 100644 --- a/modules/managed-identity/user-assigned-identity/federated-identity-credential/README.md +++ b/modules/managed-identity/user-assigned-identity/federated-identity-credential/README.md 
@@ -19,29 +19,66 @@ This module deploys a User Assigned Identity Federated Identity Credential. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `audiences` | array | The list of audiences that can appear in the issued token. Should be set to api://AzureADTokenExchange for Azure AD. It says what Microsoft identity platform should accept in the aud claim in the incoming token. This value represents Azure AD in your external identity provider and has no fixed value across identity providers - you might need to create a new application registration in your IdP to serve as the audience of this token. | -| `issuer` | string | The URL of the issuer to be trusted. Must match the issuer claim of the external token being exchanged. | -| `name` | string | The name of the secret. | -| `subject` | string | The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each IdP uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Azure AD. | +| [`audiences`](#parameter-audiences) | array | The list of audiences that can appear in the issued token. Should be set to api://AzureADTokenExchange for Azure AD. It says what Microsoft identity platform should accept in the aud claim in the incoming token. This value represents Azure AD in your external identity provider and has no fixed value across identity providers - you might need to create a new application registration in your IdP to serve as the audience of this token. | +| [`issuer`](#parameter-issuer) | string | The URL of the issuer to be trusted. Must match the issuer claim of the external token being exchanged. | +| [`name`](#parameter-name) | string | The name of the secret. 
| +| [`subject`](#parameter-subject) | string | The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each IdP uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Azure AD. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `userAssignedIdentityName` | string | The name of the parent user assigned identity. Required if the template is used in a standalone deployment. | +| [`userAssignedIdentityName`](#parameter-userassignedidentityname) | string | The name of the parent user assigned identity. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `audiences` + +The list of audiences that can appear in the issued token. Should be set to api://AzureADTokenExchange for Azure AD. It says what Microsoft identity platform should accept in the aud claim in the incoming token. This value represents Azure AD in your external identity provider and has no fixed value across identity providers - you might need to create a new application registration in your IdP to serve as the audience of this token. +- Required: Yes +- Type: array + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `issuer` + +The URL of the issuer to be trusted. 
Must match the issuer claim of the external token being exchanged. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the secret. +- Required: Yes +- Type: string + +### Parameter: `subject` + +The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each IdP uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Azure AD. +- Required: Yes +- Type: string + +### Parameter: `userAssignedIdentityName` + +The name of the parent user assigned identity. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the federated identity credential. | | `resourceGroupName` | string | The name of the resource group the federated identity credential was created in. | diff --git a/modules/managed-identity/user-assigned-identity/federated-identity-credential/main.json b/modules/managed-identity/user-assigned-identity/federated-identity-credential/main.json index be4b79c764..d7d037aaa3 100644 --- a/modules/managed-identity/user-assigned-identity/federated-identity-credential/main.json +++ b/modules/managed-identity/user-assigned-identity/federated-identity-credential/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13014227007294077055" + "version": "0.22.6.54827", + "templateHash": "15026838206978058830" }, "name": "User Assigned Identity Federated Identity Credential", "description": "This module deploys a User Assigned Identity Federated Identity Credential.", 
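Review bot: In the federated-identity-credential README hunk above, the new `### Parameter: userAssignedIdentityName` section states `- Required: Yes`, which contradicts the table that still lists it under **Conditional parameters** with "Required if the template is used in a standalone deployment". A reader who jumps to the section through the `#parameter-userassignedidentityname` link will take it as unconditionally required. Suggest the generator emit the condition for conditional parameters (or a distinct "Conditional" value) instead of a plain Yes. Separately, the `name` description carried into both the table and the new section reads "The name of the secret." although this module deploys a federated identity credential; worth correcting in the parameter description and regenerating.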
diff --git a/modules/managed-identity/user-assigned-identity/main.json b/modules/managed-identity/user-assigned-identity/main.json index 3efc21a3a0..8b93e98d84 100644 --- a/modules/managed-identity/user-assigned-identity/main.json +++ b/modules/managed-identity/user-assigned-identity/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5028263176846859457" + "version": "0.22.6.54827", + "templateHash": "689312003789935835" }, "name": "User Assigned Identities", "description": "This module deploys a User Assigned Identity.", @@ -145,8 +145,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "961909405436269630" + "version": "0.22.6.54827", + "templateHash": "15026838206978058830" }, "name": "User Assigned Identity Federated Identity Credential", "description": "This module deploys a User Assigned Identity Federated Identity Credential.", @@ -280,8 +280,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5263933546195004806" + "version": "0.22.6.54827", + "templateHash": "2246284698738978006" } }, "parameters": { diff --git a/modules/managed-services/registration-definition/.test/common/main.test.bicep b/modules/managed-services/registration-definition/.test/common/main.test.bicep index bb23b4235e..854fe9a70d 100644 --- a/modules/managed-services/registration-definition/.test/common/main.test.bicep +++ b/modules/managed-services/registration-definition/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/managed-services/registration-definition/README.md b/modules/managed-services/registration-definition/README.md index 690c4c3720..23aac725b0 100644 
--- a/modules/managed-services/registration-definition/README.md +++ b/modules/managed-services/registration-definition/README.md 
@@ -8,68 +8,42 @@ remote/managing tenant. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.ManagedServices/registrationAssignments` | [2019-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedServices/2019-09-01/registrationAssignments) | | `Microsoft.ManagedServices/registrationDefinitions` | [2019-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedServices/2019-09-01/registrationDefinitions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `authorizations` | array | Specify an array of objects, containing object of Azure Active Directory principalId, a Azure roleDefinitionId, and an optional principalIdDisplayName. The roleDefinition specified is granted to the principalId in the provider's Active Directory and the principalIdDisplayName is visible to customers. | -| `managedByTenantId` | string | Specify the tenant ID of the tenant which homes the principals you are delegating permissions to. | -| `name` | string | Specify a unique name for your offer/registration. i.e ' - - '. | -| `registrationDescription` | string | Description of the offer/registration. i.e. 'Managed by '. | - -**Optional parameters** +## Usage examples -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `resourceGroupName` | string | `''` | Specify the name of the Resource Group to delegate access to. 
If not provided, delegation will be done on the targeted subscription. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `assignmentResourceId` | string | The registration assignment resource ID. | -| `name` | string | The name of the registration definition. | -| `resourceId` | string | The resource ID of the registration definition. | -| `subscriptionName` | string | The subscription the registration definition was deployed into. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/managed-services.registration-definition:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Rg](#example-2-rg) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module registrationDefinition './managed-services/registration-definition/main.bicep' = { +module registrationDefinition 'br:bicep/modules/managed-services.registration-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-msrdcom' params: { // Required parameters @@ -151,14 +125,14 @@ module registrationDefinition './managed-services/registration-definition/main.b

-

Example 2: Rg

+### Example 2: _Rg_
via Bicep module ```bicep -module registrationDefinition './managed-services/registration-definition/main.bicep' = { +module registrationDefinition 'br:bicep/modules/managed-services.registration-definition:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-msrdrg' params: { // Required parameters @@ -245,6 +219,84 @@ module registrationDefinition './managed-services/registration-definition/main.b

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizations`](#parameter-authorizations) | array | Specify an array of objects, containing object of Azure Active Directory principalId, a Azure roleDefinitionId, and an optional principalIdDisplayName. The roleDefinition specified is granted to the principalId in the provider's Active Directory and the principalIdDisplayName is visible to customers. | +| [`managedByTenantId`](#parameter-managedbytenantid) | string | Specify the tenant ID of the tenant which homes the principals you are delegating permissions to. | +| [`name`](#parameter-name) | string | Specify a unique name for your offer/registration. i.e ' - - '. | +| [`registrationDescription`](#parameter-registrationdescription) | string | Description of the offer/registration. i.e. 'Managed by '. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | Specify the name of the Resource Group to delegate access to. If not provided, delegation will be done on the targeted subscription. | + +### Parameter: `authorizations` + +Specify an array of objects, containing object of Azure Active Directory principalId, a Azure roleDefinitionId, and an optional principalIdDisplayName. The roleDefinition specified is granted to the principalId in the provider's Active Directory and the principalIdDisplayName is visible to customers. +- Required: Yes +- Type: array + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. 
+- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managedByTenantId` + +Specify the tenant ID of the tenant which homes the principals you are delegating permissions to. +- Required: Yes +- Type: string + +### Parameter: `name` + +Specify a unique name for your offer/registration. i.e ' - - '. +- Required: Yes +- Type: string + +### Parameter: `registrationDescription` + +Description of the offer/registration. i.e. 'Managed by '. +- Required: Yes +- Type: string + +### Parameter: `resourceGroupName` + +Specify the name of the Resource Group to delegate access to. If not provided, delegation will be done on the targeted subscription. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `assignmentResourceId` | string | The registration assignment resource ID. | +| `name` | string | The name of the registration definition. | +| `resourceId` | string | The resource ID of the registration definition. | +| `subscriptionName` | string | The subscription the registration definition was deployed into. | + +## Cross-referenced modules + +_None_ + ## Notes ### Considerations diff --git a/modules/managed-services/registration-definition/main.json b/modules/managed-services/registration-definition/main.json index e636c18090..2940047230 100644 --- a/modules/managed-services/registration-definition/main.json +++ b/modules/managed-services/registration-definition/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1981923206458772574" + "version": "0.22.6.54827", + "templateHash": "18225216426535356338" }, "name": "Registration Definitions", "description": "This module deploys a `Registration Definition` and a `Registration Assignment` (often referred to as 'Lighthouse' or 'resource delegation')\r\non subscription or resource group scopes. This type of delegation is very similar to role assignments but here the principal that is\r\nassigned a role is in a remote/managing Azure Active Directory tenant. The templates are run towards the tenant where\r\nthe Azure resources you want to delegate access to are, providing 'authorizations' (aka. access delegation) to principals in a\r\nremote/managing tenant.", @@ -125,8 +125,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11245217647113250760" + "version": "0.22.6.54827", + "templateHash": "3494089951098103079" } }, "parameters": { diff --git a/modules/management/management-group/.test/common/main.test.bicep b/modules/management/management-group/.test/common/main.test.bicep index eff3e650d8..65122a5c04 100644 --- a/modules/management/management-group/.test/common/main.test.bicep +++ b/modules/management/management-group/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'managementGroup' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/management/management-group/.test/min/main.test.bicep b/modules/management/management-group/.test/min/main.test.bicep index 41bd4cdfba..471cd8cc08 100644 --- a/modules/management/management-group/.test/min/main.test.bicep +++ b/modules/management/management-group/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'managementGroup' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/management/management-group/README.md b/modules/management/management-group/README.md index ff8276cec7..cba016ed6e 100644 --- a/modules/management/management-group/README.md +++ b/modules/management/management-group/README.md 
@@ -8,63 +8,41 @@ This module has some known **limitations**: ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Management/managementGroups` | [2021-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Management/2021-04-01/managementGroups) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The group ID of the Management group. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/management.management-group:1.0.0`. -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `displayName` | string | `''` | The friendly name of the management group. If no value is passed then this field will be set to the group ID. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `parentId` | string | `[last(split(managementGroup().id, '/'))]` | The management group parent ID. Defaults to current scope. 
| +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +### Example 1: _Using large parameter set_ -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the management group. | -| `resourceId` | string | The resource ID of the management group. | - -## Cross-referenced modules - -_None_ +This instance deploys the module with most of its features enabled. -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module managementGroup './management/management-group/main.bicep' = { +module managementGroup 'br:bicep/modules/management.management-group:1.0.0' = { name: '${uniqueString(deployment().name)}-test-mmgcom' params: { // Required parameters @@ -110,14 +88,17 @@ module managementGroup './management/management-group/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module managementGroup './management/management-group/main.bicep' = { +module managementGroup 'br:bicep/modules/management.management-group:1.0.0' = { name: '${uniqueString(deployment().name)}-test-mmgmin' params: { // Required parameters @@ -156,6 +137,69 @@ module managementGroup './management/management-group/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The group ID of the Management group. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`displayName`](#parameter-displayname) | string | The friendly name of the management group. If no value is passed then this field will be set to the group ID. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`parentId`](#parameter-parentid) | string | The management group parent ID. Defaults to current scope. | + +### Parameter: `displayName` + +The friendly name of the management group. If no value is passed then this field will be set to the group ID. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `name` + +The group ID of the Management group. +- Required: Yes +- Type: string + +### Parameter: `parentId` + +The management group parent ID. Defaults to current scope. +- Required: No +- Type: string +- Default: `[last(split(managementGroup().id, '/'))]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the management group. | +| `resourceId` | string | The resource ID of the management group. | + +## Cross-referenced modules + +_None_ + ## Notes ### Considerations diff --git a/modules/management/management-group/main.json b/modules/management/management-group/main.json index 6288682f3e..728fe73364 100644 --- a/modules/management/management-group/main.json 
+++ b/modules/management/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13700903894139474584" + "version": "0.22.6.54827", + "templateHash": "10015491334460357572" }, "name": "Management Groups", "description": "This template will prepare the management group structure based on the provided parameter.\r\n\r\nThis module has some known **limitations**:\r\n- It's not possible to change the display name of the root management group (the one that has the tenant GUID as ID)\r\n- It can't manage the Root (/) management group", diff --git a/modules/net-app/net-app-account/.test/min/main.test.bicep b/modules/net-app/net-app-account/.test/min/main.test.bicep index 389a87065a..509217aef3 100644 --- a/modules/net-app/net-app-account/.test/min/main.test.bicep +++ b/modules/net-app/net-app-account/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/net-app/net-app-account/README.md b/modules/net-app/net-app-account/README.md index 61958f1328..c589ef8523 100644 --- a/modules/net-app/net-app-account/README.md +++ b/modules/net-app/net-app-account/README.md @@ -4,13 +4,13 @@ This module deploys an Azure NetApp File. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,61 +20,29 @@ This module deploys an Azure NetApp File. | `Microsoft.NetApp/netAppAccounts/capacityPools` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/netAppAccounts/capacityPools) | | `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/netAppAccounts/capacityPools/volumes) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the NetApp account. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `capacityPools` | array | `[]` | | Capacity pools to create. | -| `dnsServers` | string | `''` | | Required if domainName is specified. Comma separated list of DNS server IP addresses (IPv4 only) required for the Active Directory (AD) domain join and SMB authentication operations to succeed. | -| `domainJoinOU` | string | `''` | | Used only if domainName is specified. LDAP Path for the Organization Unit (OU) where SMB Server machine accounts will be created (i.e. 'OU=SecondLevel,OU=FirstLevel'). | -| `domainJoinPassword` | securestring | `''` | | Required if domainName is specified. Password of the user specified in domainJoinUser parameter. | -| `domainJoinUser` | string | `''` | | Required if domainName is specified. Username of Active Directory domain administrator, with permissions to create SMB server machine account in the AD domain. | -| `domainName` | string | `''` | | Fully Qualified Active Directory DNS Domain Name (e.g. 'contoso.com'). | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. 
| -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `smbServerNamePrefix` | string | `''` | | Required if domainName is specified. NetBIOS name of the SMB server. A computer account with this prefix will be registered in the AD and used to mount volumes. | -| `tags` | object | `{object}` | | Tags for all resources. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the NetApp account. | -| `resourceGroupName` | string | The name of the Resource Group the NetApp account was created in. | -| `resourceId` | string | The Resource ID of the NetApp account. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/net-app.net-app-account:1.0.0`. -## Deployment examples +- [Using only defaults](#example-1-using-only-defaults) +- [Nfs3](#example-2-nfs3) +- [Nfs41](#example-3-nfs41) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. 
- >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using only defaults_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with the minimum set of required parameters. -

Example 1: Min

via Bicep module ```bicep -module netAppAccount './net-app/net-app-account/main.bicep' = { +module netAppAccount 'br:bicep/modules/net-app.net-app-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nanaamin' params: { // Required parameters @@ -112,14 +80,14 @@ module netAppAccount './net-app/net-app-account/main.bicep' = {

-

Example 2: Nfs3

+### Example 2: _Nfs3_
via Bicep module ```bicep -module netAppAccount './net-app/net-app-account/main.bicep' = { +module netAppAccount 'br:bicep/modules/net-app.net-app-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nanaanfs3' params: { // Required parameters @@ -339,14 +307,14 @@ module netAppAccount './net-app/net-app-account/main.bicep' = {

-

Example 3: Nfs41

+### Example 3: _Nfs41_
via Bicep module ```bicep -module netAppAccount './net-app/net-app-account/main.bicep' = { +module netAppAccount 'br:bicep/modules/net-app.net-app-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nanaanfs41' params: { // Required parameters @@ -589,3 +557,142 @@ module netAppAccount './net-app/net-app-account/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the NetApp account. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`capacityPools`](#parameter-capacitypools) | array | Capacity pools to create. | +| [`dnsServers`](#parameter-dnsservers) | string | Required if domainName is specified. Comma separated list of DNS server IP addresses (IPv4 only) required for the Active Directory (AD) domain join and SMB authentication operations to succeed. | +| [`domainJoinOU`](#parameter-domainjoinou) | string | Used only if domainName is specified. LDAP Path for the Organization Unit (OU) where SMB Server machine accounts will be created (i.e. 'OU=SecondLevel,OU=FirstLevel'). | +| [`domainJoinPassword`](#parameter-domainjoinpassword) | securestring | Required if domainName is specified. Password of the user specified in domainJoinUser parameter. | +| [`domainJoinUser`](#parameter-domainjoinuser) | string | Required if domainName is specified. Username of Active Directory domain administrator, with permissions to create SMB server machine account in the AD domain. | +| [`domainName`](#parameter-domainname) | string | Fully Qualified Active Directory DNS Domain Name (e.g. 'contoso.com'). | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`smbServerNamePrefix`](#parameter-smbservernameprefix) | string | Required if domainName is specified. NetBIOS name of the SMB server. A computer account with this prefix will be registered in the AD and used to mount volumes. | +| [`tags`](#parameter-tags) | object | Tags for all resources. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `capacityPools` + +Capacity pools to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dnsServers` + +Required if domainName is specified. Comma separated list of DNS server IP addresses (IPv4 only) required for the Active Directory (AD) domain join and SMB authentication operations to succeed. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `domainJoinOU` + +Used only if domainName is specified. LDAP Path for the Organization Unit (OU) where SMB Server machine accounts will be created (i.e. 'OU=SecondLevel,OU=FirstLevel'). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `domainJoinPassword` + +Required if domainName is specified. Password of the user specified in domainJoinUser parameter. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `domainJoinUser` + +Required if domainName is specified. Username of Active Directory domain administrator, with permissions to create SMB server machine account in the AD domain. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `domainName` + +Fully Qualified Active Directory DNS Domain Name (e.g. 'contoso.com'). 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the NetApp account. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `smbServerNamePrefix` + +Required if domainName is specified. NetBIOS name of the SMB server. A computer account with this prefix will be registered in the AD and used to mount volumes. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags for all resources. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the NetApp account. | +| `resourceGroupName` | string | The name of the Resource Group the NetApp account was created in. | +| `resourceId` | string | The Resource ID of the NetApp account. | + +## Cross-referenced modules + +_None_ 
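Review bot: the generated sections for `dnsServers`, `domainJoinPassword`, `domainJoinUser` and `smbServerNamePrefix` in this hunk print `Required: No`, while their descriptions open with "Required if domainName is specified". A reader skimming the per-parameter blocks gets the wrong answer for an AD-joined deployment. Consider listing these four under a **Conditional parameters** table, as the capacity-pool README in this change does, or having the generator emit a conditional marker instead of `No`. Separately, `domainJoinPassword` is a `securestring` documented with `Default: ''`. If the empty default stays, the description should say what the module does when `domainName` is set and the password is left empty.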
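Review bot: the note added in the `## Usage examples` hunk of this README tells readers to reference the module as `br:bicep/modules/net-app.net-app-account:1.0.0`, and all three examples use that string. In the `br:` form the segment before the first `/` is the registry host, so `bicep` reads as a placeholder registry name and not as an alias (the alias form is `br/<alias>:`). The note should say that the registry name has to be replaced with the registry the consumer actually publishes to or trusts, and whether `1.0.0` is a real published tag or a placeholder as well. Otherwise the examples will be copied as they stand and either fail to restore or resolve against whatever registry answers to that name.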
diff --git a/modules/net-app/net-app-account/capacity-pool/README.md b/modules/net-app/net-app-account/capacity-pool/README.md index c614fe1313..527a0d6555 100644 --- a/modules/net-app/net-app-account/capacity-pool/README.md +++ b/modules/net-app/net-app-account/capacity-pool/README.md 
@@ -21,35 +21,119 @@ This module deploys an Azure NetApp Files Capacity Pool. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the capacity pool. | -| `size` | int | Provisioned size of the pool (in bytes). Allowed values are in 4TiB chunks (value must be multiply of 4398046511104). | +| [`name`](#parameter-name) | string | The name of the capacity pool. | +| [`size`](#parameter-size) | int | Provisioned size of the pool (in bytes). Allowed values are in 4TiB chunks (value must be multiply of 4398046511104). | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `netAppAccountName` | string | The name of the parent NetApp account. Required if the template is used in a standalone deployment. | +| [`netAppAccountName`](#parameter-netappaccountname) | string | The name of the parent NetApp account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `coolAccess` | bool | `False` | | If enabled (true) the pool can contain cool Access enabled volumes. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `encryptionType` | string | `'Single'` | `[Double, Single]` | Encryption type of the capacity pool, set encryption type for data at rest for this pool and all volumes in it. This value can only be set when creating new pool. | -| `location` | string | `[resourceGroup().location]` | | Location of the pool volume. | -| `qosType` | string | `'Auto'` | `[Auto, Manual]` | The qos type of the pool. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serviceLevel` | string | `'Standard'` | `[Premium, Standard, StandardZRS, Ultra]` | The pool service level. | -| `tags` | object | `{object}` | | Tags for all resources. | -| `volumes` | array | `[]` | | List of volumnes to create in the capacity pool. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`coolAccess`](#parameter-coolaccess) | bool | If enabled (true) the pool can contain cool Access enabled volumes. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`encryptionType`](#parameter-encryptiontype) | string | Encryption type of the capacity pool, set encryption type for data at rest for this pool and all volumes in it. This value can only be set when creating new pool. | +| [`location`](#parameter-location) | string | Location of the pool volume. | +| [`qosType`](#parameter-qostype) | string | The qos type of the pool. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`serviceLevel`](#parameter-servicelevel) | string | The pool service level. | +| [`tags`](#parameter-tags) | object | Tags for all resources. | +| [`volumes`](#parameter-volumes) | array | List of volumnes to create in the capacity pool. | + +### Parameter: `coolAccess` + +If enabled (true) the pool can contain cool Access enabled volumes. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `encryptionType` + +Encryption type of the capacity pool, set encryption type for data at rest for this pool and all volumes in it. This value can only be set when creating new pool. +- Required: No +- Type: string +- Default: `'Single'` +- Allowed: `[Double, Single]` + +### Parameter: `location` + +Location of the pool volume. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the capacity pool. +- Required: Yes +- Type: string + +### Parameter: `netAppAccountName` + +The name of the parent NetApp account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `qosType` + +The qos type of the pool. +- Required: No +- Type: string +- Default: `'Auto'` +- Allowed: `[Auto, Manual]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceLevel` + +The pool service level. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Premium, Standard, StandardZRS, Ultra]` + +### Parameter: `size` + +Provisioned size of the pool (in bytes). Allowed values are in 4TiB chunks (value must be multiply of 4398046511104). +- Required: Yes +- Type: int + +### Parameter: `tags` + +Tags for all resources. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `volumes` + +List of volumnes to create in the capacity pool. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the Capacity Pool. | diff --git a/modules/net-app/net-app-account/capacity-pool/main.json b/modules/net-app/net-app-account/capacity-pool/main.json index 0ef41ba698..799fc661e7 100644 --- a/modules/net-app/net-app-account/capacity-pool/main.json +++ b/modules/net-app/net-app-account/capacity-pool/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13333372953499047799" + "version": "0.22.6.54827", + "templateHash": "12343130799883120576" }, "name": "Azure NetApp Files Capacity Pools", "description": "This module deploys an Azure NetApp Files Capacity Pool.", @@ -191,8 +191,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5724175752968001086" + "version": "0.22.6.54827", + "templateHash": "14691007687090359135" }, "name": "Azure NetApp Files Capacity Pool Volumes", "description": "This module deploys an Azure NetApp Files Capacity Pool Volume.", @@ -348,8 +348,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6579931820257793193" + "version": "0.22.6.54827", + "templateHash": "11293747403075474966" } }, "parameters": { @@ -533,8 +533,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6567527079478034080" + "version": "0.22.6.54827", + "templateHash": "121785236396056059" } }, "parameters": { diff --git a/modules/net-app/net-app-account/capacity-pool/volume/README.md b/modules/net-app/net-app-account/capacity-pool/volume/README.md index 1996ecba95..c0d9409c13 100644 
--- a/modules/net-app/net-app-account/capacity-pool/volume/README.md +++ b/modules/net-app/net-app-account/capacity-pool/volume/README.md 
@@ -20,35 +20,115 @@ This module deploys an Azure NetApp Files Capacity Pool Volume. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the pool volume. | -| `subnetResourceId` | string | The Azure Resource URI for a delegated subnet. Must have the delegation Microsoft.NetApp/volumes. | -| `usageThreshold` | int | Maximum storage quota allowed for a file system in bytes. | +| [`name`](#parameter-name) | string | The name of the pool volume. | +| [`subnetResourceId`](#parameter-subnetresourceid) | string | The Azure Resource URI for a delegated subnet. Must have the delegation Microsoft.NetApp/volumes. | +| [`usageThreshold`](#parameter-usagethreshold) | int | Maximum storage quota allowed for a file system in bytes. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `capacityPoolName` | string | The name of the parent capacity pool. Required if the template is used in a standalone deployment. | -| `netAppAccountName` | string | The name of the parent NetApp account. Required if the template is used in a standalone deployment. | +| [`capacityPoolName`](#parameter-capacitypoolname) | string | The name of the parent capacity pool. Required if the template is used in a standalone deployment. | +| [`netAppAccountName`](#parameter-netappaccountname) | string | The name of the parent NetApp account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `creationToken` | string | `[parameters('name')]` | | A unique file path for the volume. This is the name of the volume export. A volume is mounted using the export path. File path must start with an alphabetical character and be unique within the subscription. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exportPolicyRules` | array | `[]` | | Export policy rules. | -| `location` | string | `[resourceGroup().location]` | | Location of the pool volume. | -| `protocolTypes` | array | `[]` | | Set of protocol types. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serviceLevel` | string | `'Standard'` | `[Premium, Standard, StandardZRS, Ultra]` | The pool service level. Must match the one of the parent capacity pool. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`creationToken`](#parameter-creationtoken) | string | A unique file path for the volume. This is the name of the volume export. A volume is mounted using the export path. File path must start with an alphabetical character and be unique within the subscription. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exportPolicyRules`](#parameter-exportpolicyrules) | array | Export policy rules. | +| [`location`](#parameter-location) | string | Location of the pool volume. | +| [`protocolTypes`](#parameter-protocoltypes) | array | Set of protocol types. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`serviceLevel`](#parameter-servicelevel) | string | The pool service level. Must match the one of the parent capacity pool. | + +### Parameter: `capacityPoolName` + +The name of the parent capacity pool. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `creationToken` + +A unique file path for the volume. This is the name of the volume export. A volume is mounted using the export path. File path must start with an alphabetical character and be unique within the subscription. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exportPolicyRules` + +Export policy rules. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location of the pool volume. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the pool volume. +- Required: Yes +- Type: string + +### Parameter: `netAppAccountName` + +The name of the parent NetApp account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `protocolTypes` + +Set of protocol types. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceLevel` + +The pool service level. Must match the one of the parent capacity pool. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Premium, Standard, StandardZRS, Ultra]` + +### Parameter: `subnetResourceId` + +The Azure Resource URI for a delegated subnet. Must have the delegation Microsoft.NetApp/volumes. +- Required: Yes +- Type: string + +### Parameter: `usageThreshold` + +Maximum storage quota allowed for a file system in bytes. +- Required: Yes +- Type: int ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the Volume. | diff --git a/modules/net-app/net-app-account/capacity-pool/volume/main.json b/modules/net-app/net-app-account/capacity-pool/volume/main.json index 49b126bd4d..67e9e039f4 100644 --- a/modules/net-app/net-app-account/capacity-pool/volume/main.json +++ b/modules/net-app/net-app-account/capacity-pool/volume/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5724175752968001086" + "version": "0.22.6.54827", + "templateHash": "14691007687090359135" }, "name": "Azure NetApp Files Capacity Pool Volumes", "description": "This module deploys an Azure NetApp Files Capacity Pool Volume.", @@ -161,8 +161,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6579931820257793193" + "version": "0.22.6.54827", + "templateHash": "11293747403075474966" } }, "parameters": { 
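Review bot: in the `capacity-pool/volume/README.md` hunk, `capacityPoolName` and `netAppAccountName` sit in the **Conditional parameters** table ("Required if the template is used in a standalone deployment"), but their generated sections say `Required: Yes`, which contradicts the table for the nested-deployment case. The capacity-pool README hunk has the same mismatch for `netAppAccountName`. The generator should carry the conditional category into the per-parameter block instead of collapsing it to `Yes`. The typos carried over in the capacity-pool descriptions ("volumnes", "must be multiply of 4398046511104") are also worth fixing in the source `main.bicep` so they stop propagating into generated output.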
diff --git a/modules/net-app/net-app-account/main.json b/modules/net-app/net-app-account/main.json index 0a493368ff..60bd7acee6 100644 --- a/modules/net-app/net-app-account/main.json +++ b/modules/net-app/net-app-account/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5672083206908645861" + "version": "0.22.6.54827", + "templateHash": "5505435135426261272" }, "name": "Azure NetApp Files", "description": "This module deploys an Azure NetApp File.", @@ -204,8 +204,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7683969196599898101" + "version": "0.22.6.54827", + "templateHash": "4540603330973895229" } }, "parameters": { @@ -361,8 +361,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10886668033150864965" + "version": "0.22.6.54827", + "templateHash": "12343130799883120576" }, "name": "Azure NetApp Files Capacity Pools", "description": "This module deploys an Azure NetApp Files Capacity Pool.", @@ -548,8 +548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5786364369491933087" + "version": "0.22.6.54827", + "templateHash": "14691007687090359135" }, "name": "Azure NetApp Files Capacity Pool Volumes", "description": "This module deploys an Azure NetApp Files Capacity Pool Volume.", @@ -705,8 +705,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9382580519288369520" + "version": "0.22.6.54827", + "templateHash": "11293747403075474966" } }, "parameters": { @@ -890,8 +890,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3927269100657288300" + "version": "0.22.6.54827", + "templateHash": "121785236396056059" } }, "parameters": { 
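Review bot: these `main.json` hunks can only be reviewed as version and `templateHash` bumps, so the change should come with a CI step that rebuilds each `main.bicep` with one pinned Bicep version and fails when the committed `main.json` differs. The old values show why: the parent was compiled with 0.21.1.54444 and the child modules with 0.20.4.51522, and the nested hashes did not match the children's own files. After this change they do match (`12343130799883120576` for Capacity Pools, `14691007687090359135` for Volumes, all on 0.22.6.54827), but nothing visible here keeps the next contributor's local toolchain from reintroducing the drift.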
diff --git a/modules/network/application-gateway-web-application-firewall-policy/.test/common/main.test.bicep b/modules/network/application-gateway-web-application-firewall-policy/.test/common/main.test.bicep index f9b166f85c..0c71d78598 100644 --- a/modules/network/application-gateway-web-application-firewall-policy/.test/common/main.test.bicep +++ b/modules/network/application-gateway-web-application-firewall-policy/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/application-gateway-web-application-firewall-policy/README.md b/modules/network/application-gateway-web-application-firewall-policy/README.md index ecc3fd56fa..97b54c1336 100644 --- a/modules/network/application-gateway-web-application-firewall-policy/README.md +++ b/modules/network/application-gateway-web-application-firewall-policy/README.md @@ -5,10 +5,10 @@ This module deploys an Application Gateway Web Application Firewall (WAF) Policy ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -16,54 +16,27 @@ This module deploys an Application Gateway Web Application Firewall (WAF) Policy | :-- | :-- | | `Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-11-01/ApplicationGatewayWebApplicationFirewallPolicies) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Application Gateway WAF policy. | - -**Optional parameters** +## Usage examples -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `customRules` | array | `[]` | The custom rules inside the policy. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `managedRules` | object | `{object}` | Describes the managedRules structure. | -| `policySettings` | object | `{object}` | The PolicySettings for policy. | -| `tags` | object | `{object}` | Resource tags. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the application gateway WAF policy. | -| `resourceGroupName` | string | The resource group the application gateway WAF policy was deployed into. | -| `resourceId` | string | The resource ID of the application gateway WAF policy. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
-_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.application-gateway-web-application-firewall-policy:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module applicationGatewayWebApplicationFirewallPolicy './network/application-gateway-web-application-firewall-policy/main.bicep' = { +module applicationGatewayWebApplicationFirewallPolicy 'br:bicep/modules/network.application-gateway-web-application-firewall-policy:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nagwafpcom' params: { // Required parameters @@ -154,3 +127,85 @@ module applicationGatewayWebApplicationFirewallPolicy './network/application-gat

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Application Gateway WAF policy. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`customRules`](#parameter-customrules) | array | The custom rules inside the policy. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`managedRules`](#parameter-managedrules) | object | Describes the managedRules structure. | +| [`policySettings`](#parameter-policysettings) | object | The PolicySettings for policy. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `customRules` + +The custom rules inside the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `managedRules` + +Describes the managedRules structure. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Name of the Application Gateway WAF policy. +- Required: Yes +- Type: string + +### Parameter: `policySettings` + +The PolicySettings for policy. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the application gateway WAF policy. 
| +| `resourceGroupName` | string | The resource group the application gateway WAF policy was deployed into. | +| `resourceId` | string | The resource ID of the application gateway WAF policy. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/application-gateway-web-application-firewall-policy/main.json b/modules/network/application-gateway-web-application-firewall-policy/main.json index 3586f21c15..9c0a3caeb5 100644 --- a/modules/network/application-gateway-web-application-firewall-policy/main.json +++ b/modules/network/application-gateway-web-application-firewall-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1454714316313419889" + "version": "0.22.6.54827", + "templateHash": "1301728261383253712" }, "name": "Application Gateway Web Application Firewall (WAF) Policies", "description": "This module deploys an Application Gateway Web Application Firewall (WAF) Policy.", diff --git a/modules/network/application-gateway/.test/common/main.test.bicep b/modules/network/application-gateway/.test/common/main.test.bicep index 9c66f3fa8e..548ada9bbd 100644 --- a/modules/network/application-gateway/.test/common/main.test.bicep +++ b/modules/network/application-gateway/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/application-gateway/README.md b/modules/network/application-gateway/README.md index b8e66e159f..aaee08b326 100644 --- a/modules/network/application-gateway/README.md +++ b/modules/network/application-gateway/README.md 
@@ -5,10 +5,10 @@ This module deploys a Network Application Gateway. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -21,103 +21,27 @@ This module deploys a Network Application Gateway. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Application Gateway. | +## Usage examples -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authenticationCertificates` | array | `[]` | | Authentication certificates of the application gateway resource. | -| `autoscaleMaxCapacity` | int | `-1` | | Upper bound on number of Application Gateway capacity. | -| `autoscaleMinCapacity` | int | `-1` | | Lower bound on number of Application Gateway capacity. | -| `backendAddressPools` | array | `[]` | | Backend address pool of the application gateway resource. | -| `backendHttpSettingsCollection` | array | `[]` | | Backend http settings of the application gateway resource. | -| `backendSettingsCollection` | array | `[]` | | Backend settings of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). | -| `capacity` | int | `2` | | The number of Application instances to be configured. | -| `customErrorConfigurations` | array | `[]` | | Custom error configurations of the application gateway resource. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ApplicationGatewayAccessLog, ApplicationGatewayFirewallLog, ApplicationGatewayPerformanceLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableFips` | bool | `False` | | Whether FIPS is enabled on the application gateway resource. | -| `enableHttp2` | bool | `False` | | Whether HTTP2 is enabled on the application gateway resource. | -| `enableRequestBuffering` | bool | `False` | | Enable request buffering. | -| `enableResponseBuffering` | bool | `False` | | Enable response buffering. | -| `firewallPolicyId` | string | `''` | | The resource ID of an associated firewall policy. 
Should be configured for security reasons. | -| `frontendIPConfigurations` | array | `[]` | | Frontend IP addresses of the application gateway resource. | -| `frontendPorts` | array | `[]` | | Frontend ports of the application gateway resource. | -| `gatewayIPConfigurations` | array | `[]` | | Subnets of the application gateway resource. | -| `httpListeners` | array | `[]` | | Http listeners of the application gateway resource. | -| `listeners` | array | `[]` | | Listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). | -| `loadDistributionPolicies` | array | `[]` | | Load distribution policies of the application gateway resource. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `privateLinkConfigurations` | array | `[]` | | PrivateLink configurations on application gateway. | -| `probes` | array | `[]` | | Probes of the application gateway resource. | -| `redirectConfigurations` | array | `[]` | | Redirect configurations of the application gateway resource. | -| `requestRoutingRules` | array | `[]` | | Request routing rules of the application gateway resource. | -| `rewriteRuleSets` | array | `[]` | | Rewrite rules for the application gateway resource. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `routingRules` | array | `[]` | | Routing rules of the application gateway resource. | -| `sku` | string | `'WAF_Medium'` | `[Standard_Large, Standard_Medium, Standard_Small, Standard_v2, WAF_Large, WAF_Medium, WAF_v2]` | The name of the SKU for the Application Gateway. | -| `sslCertificates` | array | `[]` | | SSL certificates of the application gateway resource. | -| `sslPolicyCipherSuites` | array | `[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]` | `[TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384]` | Ssl cipher suites to be enabled in the specified order to application gateway. | -| `sslPolicyMinProtocolVersion` | string | `'TLSv1_2'` | `[TLSv1_0, TLSv1_1, TLSv1_2, TLSv1_3]` | Ssl protocol enums. 
| -| `sslPolicyName` | string | `''` | `['', AppGwSslPolicy20150501, AppGwSslPolicy20170401, AppGwSslPolicy20170401S, AppGwSslPolicy20220101, AppGwSslPolicy20220101S]` | Ssl predefined policy name enums. | -| `sslPolicyType` | string | `'Custom'` | `[Custom, CustomV2, Predefined]` | Type of Ssl Policy. | -| `sslProfiles` | array | `[]` | | SSL profiles of the application gateway resource. | -| `tags` | object | `{object}` | | Resource tags. | -| `trustedClientCertificates` | array | `[]` | | Trusted client certificates of the application gateway resource. | -| `trustedRootCertificates` | array | `[]` | | Trusted Root certificates of the application gateway resource. | -| `urlPathMaps` | array | `[]` | | URL path map of the application gateway resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `webApplicationFirewallConfiguration` | object | `{object}` | | Application gateway web application firewall configuration. Should be configured for security reasons. | -| `zones` | array | `[]` | | A list of availability zones denoting where the resource needs to come from. | - - -## Outputs +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the application gateway. | -| `resourceGroupName` | string | The resource group the application gateway was deployed into. | -| `resourceId` | string | The resource ID of the application gateway. 
| - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.application-gateway:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module applicationGateway './network/application-gateway/main.bicep' = { +module applicationGateway 'br:bicep/modules/network.application-gateway:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nagcom' params: { // Required parameters @@ -1024,3 +948,457 @@ module applicationGateway './network/application-gateway/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Application Gateway. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authenticationCertificates`](#parameter-authenticationcertificates) | array | Authentication certificates of the application gateway resource. | +| [`autoscaleMaxCapacity`](#parameter-autoscalemaxcapacity) | int | Upper bound on number of Application Gateway capacity. | +| [`autoscaleMinCapacity`](#parameter-autoscalemincapacity) | int | Lower bound on number of Application Gateway capacity. | +| [`backendAddressPools`](#parameter-backendaddresspools) | array | Backend address pool of the application gateway resource. | +| [`backendHttpSettingsCollection`](#parameter-backendhttpsettingscollection) | array | Backend http settings of the application gateway resource. | +| [`backendSettingsCollection`](#parameter-backendsettingscollection) | array | Backend settings of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). | +| [`capacity`](#parameter-capacity) | int | The number of Application instances to be configured. | +| [`customErrorConfigurations`](#parameter-customerrorconfigurations) | array | Custom error configurations of the application gateway resource. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableFips`](#parameter-enablefips) | bool | Whether FIPS is enabled on the application gateway resource. | +| [`enableHttp2`](#parameter-enablehttp2) | bool | Whether HTTP2 is enabled on the application gateway resource. | +| [`enableRequestBuffering`](#parameter-enablerequestbuffering) | bool | Enable request buffering. | +| [`enableResponseBuffering`](#parameter-enableresponsebuffering) | bool | Enable response buffering. | +| [`firewallPolicyId`](#parameter-firewallpolicyid) | string | The resource ID of an associated firewall policy. Should be configured for security reasons. 
| +| [`frontendIPConfigurations`](#parameter-frontendipconfigurations) | array | Frontend IP addresses of the application gateway resource. | +| [`frontendPorts`](#parameter-frontendports) | array | Frontend ports of the application gateway resource. | +| [`gatewayIPConfigurations`](#parameter-gatewayipconfigurations) | array | Subnets of the application gateway resource. | +| [`httpListeners`](#parameter-httplisteners) | array | Http listeners of the application gateway resource. | +| [`listeners`](#parameter-listeners) | array | Listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). | +| [`loadDistributionPolicies`](#parameter-loaddistributionpolicies) | array | Load distribution policies of the application gateway resource. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`privateLinkConfigurations`](#parameter-privatelinkconfigurations) | array | PrivateLink configurations on application gateway. | +| [`probes`](#parameter-probes) | array | Probes of the application gateway resource. | +| [`redirectConfigurations`](#parameter-redirectconfigurations) | array | Redirect configurations of the application gateway resource. | +| [`requestRoutingRules`](#parameter-requestroutingrules) | array | Request routing rules of the application gateway resource. | +| [`rewriteRuleSets`](#parameter-rewriterulesets) | array | Rewrite rules for the application gateway resource. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`routingRules`](#parameter-routingrules) | array | Routing rules of the application gateway resource. | +| [`sku`](#parameter-sku) | string | The name of the SKU for the Application Gateway. | +| [`sslCertificates`](#parameter-sslcertificates) | array | SSL certificates of the application gateway resource. | +| [`sslPolicyCipherSuites`](#parameter-sslpolicyciphersuites) | array | Ssl cipher suites to be enabled in the specified order to application gateway. | +| [`sslPolicyMinProtocolVersion`](#parameter-sslpolicyminprotocolversion) | string | Ssl protocol enums. | +| [`sslPolicyName`](#parameter-sslpolicyname) | string | Ssl predefined policy name enums. | +| [`sslPolicyType`](#parameter-sslpolicytype) | string | Type of Ssl Policy. | +| [`sslProfiles`](#parameter-sslprofiles) | array | SSL profiles of the application gateway resource. | +| [`tags`](#parameter-tags) | object | Resource tags. | +| [`trustedClientCertificates`](#parameter-trustedclientcertificates) | array | Trusted client certificates of the application gateway resource. | +| [`trustedRootCertificates`](#parameter-trustedrootcertificates) | array | Trusted Root certificates of the application gateway resource. | +| [`urlPathMaps`](#parameter-urlpathmaps) | array | URL path map of the application gateway resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. 
| +| [`webApplicationFirewallConfiguration`](#parameter-webapplicationfirewallconfiguration) | object | Application gateway web application firewall configuration. Should be configured for security reasons. | +| [`zones`](#parameter-zones) | array | A list of availability zones denoting where the resource needs to come from. | + +### Parameter: `authenticationCertificates` + +Authentication certificates of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `autoscaleMaxCapacity` + +Upper bound on number of Application Gateway capacity. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `autoscaleMinCapacity` + +Lower bound on number of Application Gateway capacity. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `backendAddressPools` + +Backend address pool of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `backendHttpSettingsCollection` + +Backend http settings of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `backendSettingsCollection` + +Backend settings of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `capacity` + +The number of Application instances to be configured. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `customErrorConfigurations` + +Custom error configurations of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ApplicationGatewayAccessLog, ApplicationGatewayFirewallLog, ApplicationGatewayPerformanceLog]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableFips` + +Whether FIPS is enabled on the application gateway resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableHttp2` + +Whether HTTP2 is enabled on the application gateway resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableRequestBuffering` + +Enable request buffering. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableResponseBuffering` + +Enable response buffering. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `firewallPolicyId` + +The resource ID of an associated firewall policy. Should be configured for security reasons. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `frontendIPConfigurations` + +Frontend IP addresses of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `frontendPorts` + +Frontend ports of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `gatewayIPConfigurations` + +Subnets of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `httpListeners` + +Http listeners of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `listeners` + +Listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `loadDistributionPolicies` + +Load distribution policies of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Application Gateway. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `privateLinkConfigurations` + +PrivateLink configurations on application gateway. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `probes` + +Probes of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `redirectConfigurations` + +Redirect configurations of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `requestRoutingRules` + +Request routing rules of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `rewriteRuleSets` + +Rewrite rules for the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `routingRules` + +Routing rules of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The name of the SKU for the Application Gateway. 
+- Required: No +- Type: string +- Default: `'WAF_Medium'` +- Allowed: `[Standard_Large, Standard_Medium, Standard_Small, Standard_v2, WAF_Large, WAF_Medium, WAF_v2]` + +### Parameter: `sslCertificates` + +SSL certificates of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sslPolicyCipherSuites` + +Ssl cipher suites to be enabled in the specified order to application gateway. +- Required: No +- Type: array +- Default: `[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]` +- Allowed: `[TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384]` + +### Parameter: `sslPolicyMinProtocolVersion` + +Ssl protocol enums. +- Required: No +- Type: string +- Default: `'TLSv1_2'` +- Allowed: `[TLSv1_0, TLSv1_1, TLSv1_2, TLSv1_3]` + +### Parameter: `sslPolicyName` + +Ssl predefined policy name enums. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', AppGwSslPolicy20150501, AppGwSslPolicy20170401, AppGwSslPolicy20170401S, AppGwSslPolicy20220101, AppGwSslPolicy20220101S]` + +### Parameter: `sslPolicyType` + +Type of Ssl Policy. +- Required: No +- Type: string +- Default: `'Custom'` +- Allowed: `[Custom, CustomV2, Predefined]` + +### Parameter: `sslProfiles` + +SSL profiles of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `trustedClientCertificates` + +Trusted client certificates of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `trustedRootCertificates` + +Trusted Root certificates of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `urlPathMaps` + +URL path map of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `webApplicationFirewallConfiguration` + +Application gateway web application firewall configuration. Should be configured for security reasons. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zones` + +A list of availability zones denoting where the resource needs to come from. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the application gateway. | +| `resourceGroupName` | string | The resource group the application gateway was deployed into. | +| `resourceId` | string | The resource ID of the application gateway. 
| + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/network/application-gateway/main.json b/modules/network/application-gateway/main.json index 60b0d828c3..c1c3844517 100644 --- a/modules/network/application-gateway/main.json +++ b/modules/network/application-gateway/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7571026279371080579" + "version": "0.22.6.54827", + "templateHash": "214441703213354743" }, "name": "Network Application Gateways", "description": "This module deploys a Network Application Gateway.", @@ -587,8 +587,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -787,8 +787,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -925,8 +925,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { 
@@ -1139,8 +1139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5981161114261866158" + "version": "0.22.6.54827", + "templateHash": "4623397595540345983" } }, "parameters": { diff --git a/modules/network/application-security-group/.test/common/main.test.bicep b/modules/network/application-security-group/.test/common/main.test.bicep index 8f996a1349..d97c89d410 100644 --- a/modules/network/application-security-group/.test/common/main.test.bicep +++ b/modules/network/application-security-group/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/application-security-group/README.md b/modules/network/application-security-group/README.md index 6b5150d961..dd4a0b47e3 100644 --- a/modules/network/application-security-group/README.md +++ b/modules/network/application-security-group/README.md @@ -5,10 +5,10 @@ This module deploys an Application Security Group (ASG). ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,53 +18,27 @@ This module deploys an Application Security Group (ASG). | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/applicationSecurityGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/applicationSecurityGroups) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Application Security Group. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.application-security-group:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. 
| - - -## Outputs +- [Using large parameter set](#example-1-using-large-parameter-set) -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the application security group. | -| `resourceGroupName` | string | The resource group the application security group was deployed into. | -| `resourceId` | string | The resource ID of the application security group. | +### Example 1: _Using large parameter set_ -## Cross-referenced modules +This instance deploys the module with most of its features enabled. -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module applicationSecurityGroup './network/application-security-group/main.bicep' = { +module applicationSecurityGroup 'br:bicep/modules/network.application-security-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nasgcom' params: { // Required parameters @@ -137,3 +111,78 @@ module applicationSecurityGroup './network/application-security-group/main.bicep

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Application Security Group. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Application Security Group. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the application security group. | +| `resourceGroupName` | string | The resource group the application security group was deployed into. | +| `resourceId` | string | The resource ID of the application security group. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/application-security-group/main.json b/modules/network/application-security-group/main.json index 5cac0b4ccf..a733a611db 100644 --- a/modules/network/application-security-group/main.json +++ b/modules/network/application-security-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9223506282900740503" + "version": "0.22.6.54827", + "templateHash": "4115045672718601619" }, "name": "Application Security Groups (ASG)", "description": "This module deploys an Application Security Group (ASG).", @@ -130,8 +130,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4152038459218204517" + "version": "0.22.6.54827", + "templateHash": "1920288953009439364" } }, "parameters": { diff --git a/modules/network/azure-firewall/.test/common/main.test.bicep b/modules/network/azure-firewall/.test/common/main.test.bicep index 0bac54906a..17193997bd 100644 --- a/modules/network/azure-firewall/.test/common/main.test.bicep +++ b/modules/network/azure-firewall/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/azure-firewall/.test/min/main.test.bicep b/modules/network/azure-firewall/.test/min/main.test.bicep index 9b3e65d2f4..28620b7046 100644 --- a/modules/network/azure-firewall/.test/min/main.test.bicep +++ b/modules/network/azure-firewall/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/azure-firewall/README.md b/modules/network/azure-firewall/README.md index 58c2d46f73..73137eee0b 100644 --- a/modules/network/azure-firewall/README.md +++ b/modules/network/azure-firewall/README.md @@ -4,13 +4,13 @@ This module deploys an Azure Firewall. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,91 +20,29 @@ This module deploys an Azure Firewall. | `Microsoft.Network/azureFirewalls` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/azureFirewalls) | | `Microsoft.Network/publicIPAddresses` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/publicIPAddresses) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Firewall. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `hubIPAddresses` | object | `{object}` | IP addresses associated with AzureFirewall. Required if `virtualHubId` is supplied. | -| `virtualHubId` | string | `''` | The virtualHub resource ID to which the firewall belongs. Required if `vNetId` is empty. | -| `vNetId` | string | `''` | Shared services Virtual Network resource ID. The virtual network ID containing AzureFirewallSubnet. If a Public IP is not provided, then the Public IP that is created as part of this module will be applied with the subnet provided in this variable. Required if `virtualHubId` is empty. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalPublicIpConfigurations` | array | `[]` | | This is to add any additional Public IP configurations on top of the Public IP with subnet IP configuration. | -| `applicationRuleCollections` | array | `[]` | | Collection of application rule collections used by Azure Firewall. | -| `azureSkuTier` | string | `'Standard'` | `[Basic, Premium, Standard]` | Tier of an Azure Firewall. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, AzureFirewallApplicationRule, AzureFirewallDnsProxy, AzureFirewallNetworkRule]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Diagnostic Storage Account resource identifier. | -| `diagnosticWorkspaceId` | string | `''` | | Log Analytics workspace resource identifier. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `firewallPolicyId` | string | `''` | | Resource ID of the Firewall Policy that should be attached. | -| `isCreateDefaultPublicIP` | bool | `True` | | Specifies if a Public IP should be created by default if one is not provided. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managementIPAddressObject` | object | `{object}` | | Specifies the properties of the Management Public IP to create and be used by Azure Firewall. If it's not provided and managementIPResourceID is empty, a '-mip' suffix will be appended to the Firewall's name. | -| `managementIPResourceID` | string | `''` | | The Management Public IP resource ID to associate to the AzureFirewallManagementSubnet. 
If empty, then the Management Public IP that is created as part of this module will be applied to the AzureFirewallManagementSubnet. | -| `natRuleCollections` | array | `[]` | | Collection of NAT rule collections used by Azure Firewall. | -| `networkRuleCollections` | array | `[]` | | Collection of network rule collections used by Azure Firewall. | -| `publicIPAddressObject` | object | `{object}` | | Specifies the properties of the Public IP to create and be used by Azure Firewall. If it's not provided and publicIPResourceID is empty, a '-pip' suffix will be appended to the Firewall's name. | -| `publicIPResourceID` | string | `''` | | The Public IP resource ID to associate to the AzureFirewallSubnet. If empty, then the Public IP that is created as part of this module will be applied to the AzureFirewallSubnet. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the Azure Firewall resource. | -| `threatIntelMode` | string | `'Deny'` | `[Alert, Deny, Off]` | The operation mode for Threat Intel. | -| `zones` | array | `[1, 2, 3]` | | Zone numbers e.g. 1,2,3. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `applicationRuleCollections` | array | List of Application Rule Collections. | -| `ipConfAzureFirewallSubnet` | object | The Public IP configuration object for the Azure Firewall Subnet. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Azure Firewall. | -| `natRuleCollections` | array | Collection of NAT rule collections used by Azure Firewall. 
| -| `networkRuleCollections` | array | List of Network Rule Collections. | -| `privateIp` | string | The private IP of the Azure firewall. | -| `resourceGroupName` | string | The resource group the Azure firewall was deployed into. | -| `resourceId` | string | The resource ID of the Azure Firewall. | - - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +## Usage examples -| Reference | Type | -| :-- | :-- | -| `network/public-ip-address` | Local reference | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Deployment examples +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.azure-firewall:1.0.0`. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +- [Addpip](#example-1-addpip) +- [Using large parameter set](#example-2-using-large-parameter-set) +- [Custompip](#example-3-custompip) +- [Hubcommon](#example-4-hubcommon) +- [Hubmin](#example-5-hubmin) +- [Using only defaults](#example-6-using-only-defaults) -

Example 1: Addpip

+### Example 1: _Addpip_
via Bicep module ```bicep -module azureFirewall './network/azure-firewall/main.bicep' = { +module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nafaddpip' params: { // Required parameters @@ -202,14 +140,17 @@ module azureFirewall './network/azure-firewall/main.bicep' = {

-

Example 2: Common

+### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +
via Bicep module ```bicep -module azureFirewall './network/azure-firewall/main.bicep' = { +module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nafcom' params: { // Required parameters @@ -485,14 +426,14 @@ module azureFirewall './network/azure-firewall/main.bicep' = {

-

Example 3: Custompip

+### Example 3: _Custompip_
via Bicep module ```bicep -module azureFirewall './network/azure-firewall/main.bicep' = { +module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nafcstpip' params: { // Required parameters @@ -596,14 +537,14 @@ module azureFirewall './network/azure-firewall/main.bicep' = {

-

Example 4: Hubcommon

+### Example 4: _Hubcommon_
via Bicep module ```bicep -module azureFirewall './network/azure-firewall/main.bicep' = { +module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nafhubcom' params: { // Required parameters @@ -673,14 +614,14 @@ module azureFirewall './network/azure-firewall/main.bicep' = {

-

Example 5: Hubmin

+### Example 5: _Hubmin_
via Bicep module ```bicep -module azureFirewall './network/azure-firewall/main.bicep' = { +module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nafhubmin' params: { // Required parameters @@ -734,14 +675,17 @@ module azureFirewall './network/azure-firewall/main.bicep' = {

-

Example 6: Min

+### Example 6: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module azureFirewall './network/azure-firewall/main.bicep' = { +module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nafmin' params: { // Required parameters @@ -782,3 +726,280 @@ module azureFirewall './network/azure-firewall/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Azure Firewall. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`hubIPAddresses`](#parameter-hubipaddresses) | object | IP addresses associated with AzureFirewall. Required if `virtualHubId` is supplied. | +| [`virtualHubId`](#parameter-virtualhubid) | string | The virtualHub resource ID to which the firewall belongs. Required if `vNetId` is empty. | +| [`vNetId`](#parameter-vnetid) | string | Shared services Virtual Network resource ID. The virtual network ID containing AzureFirewallSubnet. If a Public IP is not provided, then the Public IP that is created as part of this module will be applied with the subnet provided in this variable. Required if `virtualHubId` is empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalPublicIpConfigurations`](#parameter-additionalpublicipconfigurations) | array | This is to add any additional Public IP configurations on top of the Public IP with subnet IP configuration. | +| [`applicationRuleCollections`](#parameter-applicationrulecollections) | array | Collection of application rule collections used by Azure Firewall. | +| [`azureSkuTier`](#parameter-azureskutier) | string | Tier of an Azure Firewall. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Diagnostic Storage Account resource identifier. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Log Analytics workspace resource identifier. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`firewallPolicyId`](#parameter-firewallpolicyid) | string | Resource ID of the Firewall Policy that should be attached. | +| [`isCreateDefaultPublicIP`](#parameter-iscreatedefaultpublicip) | bool | Specifies if a Public IP should be created by default if one is not provided. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managementIPAddressObject`](#parameter-managementipaddressobject) | object | Specifies the properties of the Management Public IP to create and be used by Azure Firewall. If it's not provided and managementIPResourceID is empty, a '-mip' suffix will be appended to the Firewall's name. | +| [`managementIPResourceID`](#parameter-managementipresourceid) | string | The Management Public IP resource ID to associate to the AzureFirewallManagementSubnet. If empty, then the Management Public IP that is created as part of this module will be applied to the AzureFirewallManagementSubnet. 
| +| [`natRuleCollections`](#parameter-natrulecollections) | array | Collection of NAT rule collections used by Azure Firewall. | +| [`networkRuleCollections`](#parameter-networkrulecollections) | array | Collection of network rule collections used by Azure Firewall. | +| [`publicIPAddressObject`](#parameter-publicipaddressobject) | object | Specifies the properties of the Public IP to create and be used by Azure Firewall. If it's not provided and publicIPResourceID is empty, a '-pip' suffix will be appended to the Firewall's name. | +| [`publicIPResourceID`](#parameter-publicipresourceid) | string | The Public IP resource ID to associate to the AzureFirewallSubnet. If empty, then the Public IP that is created as part of this module will be applied to the AzureFirewallSubnet. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the Azure Firewall resource. | +| [`threatIntelMode`](#parameter-threatintelmode) | string | The operation mode for Threat Intel. | +| [`zones`](#parameter-zones) | array | Zone numbers e.g. 1,2,3. | + +### Parameter: `additionalPublicIpConfigurations` + +This is to add any additional Public IP configurations on top of the Public IP with subnet IP configuration. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `applicationRuleCollections` + +Collection of application rule collections used by Azure Firewall. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `azureSkuTier` + +Tier of an Azure Firewall. 
+- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Basic, Premium, Standard]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, AzureFirewallApplicationRule, AzureFirewallDnsProxy, AzureFirewallNetworkRule]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Diagnostic Storage Account resource identifier. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Log Analytics workspace resource identifier. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `firewallPolicyId` + +Resource ID of the Firewall Policy that should be attached. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `hubIPAddresses` + +IP addresses associated with AzureFirewall. 
Required if `virtualHubId` is supplied. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `isCreateDefaultPublicIP` + +Specifies if a Public IP should be created by default if one is not provided. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managementIPAddressObject` + +Specifies the properties of the Management Public IP to create and be used by Azure Firewall. If it's not provided and managementIPResourceID is empty, a '-mip' suffix will be appended to the Firewall's name. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `managementIPResourceID` + +The Management Public IP resource ID to associate to the AzureFirewallManagementSubnet. If empty, then the Management Public IP that is created as part of this module will be applied to the AzureFirewallManagementSubnet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +Name of the Azure Firewall. +- Required: Yes +- Type: string + +### Parameter: `natRuleCollections` + +Collection of NAT rule collections used by Azure Firewall. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `networkRuleCollections` + +Collection of network rule collections used by Azure Firewall. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicIPAddressObject` + +Specifies the properties of the Public IP to create and be used by Azure Firewall. If it's not provided and publicIPResourceID is empty, a '-pip' suffix will be appended to the Firewall's name. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `publicIPResourceID` + +The Public IP resource ID to associate to the AzureFirewallSubnet. 
If empty, then the Public IP that is created as part of this module will be applied to the AzureFirewallSubnet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the Azure Firewall resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `threatIntelMode` + +The operation mode for Threat Intel. +- Required: No +- Type: string +- Default: `'Deny'` +- Allowed: `[Alert, Deny, Off]` + +### Parameter: `virtualHubId` + +The virtualHub resource ID to which the firewall belongs. Required if `vNetId` is empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `vNetId` + +Shared services Virtual Network resource ID. The virtual network ID containing AzureFirewallSubnet. If a Public IP is not provided, then the Public IP that is created as part of this module will be applied with the subnet provided in this variable. Required if `virtualHubId` is empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `zones` + +Zone numbers e.g. 1,2,3. +- Required: No +- Type: array +- Default: `[1, 2, 3]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `applicationRuleCollections` | array | List of Application Rule Collections. | +| `ipConfAzureFirewallSubnet` | object | The Public IP configuration object for the Azure Firewall Subnet. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Azure Firewall. 
| +| `natRuleCollections` | array | Collection of NAT rule collections used by Azure Firewall. | +| `networkRuleCollections` | array | List of Network Rule Collections. | +| `privateIp` | string | The private IP of the Azure firewall. | +| `resourceGroupName` | string | The resource group the Azure firewall was deployed into. | +| `resourceId` | string | The resource ID of the Azure Firewall. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/public-ip-address` | Local reference | diff --git a/modules/network/azure-firewall/main.json b/modules/network/azure-firewall/main.json index 860263abc5..e51d5158ae 100644 --- a/modules/network/azure-firewall/main.json +++ b/modules/network/azure-firewall/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1618306039549240547" + "version": "0.22.6.54827", + "templateHash": "11388637561853566149" }, "name": "Azure Firewalls", "description": "This module deploys an Azure Firewall.", @@ -417,8 +417,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1887898957722092173" + "version": "0.22.6.54827", + "templateHash": "4317747709004918530" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -751,8 +751,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7328126239184883887" + "version": "0.22.6.54827", + "templateHash": "9976109177347918049" } }, "parameters": { 
@@ -988,8 +988,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1887898957722092173" + "version": "0.22.6.54827", + "templateHash": "4317747709004918530" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -1322,8 +1322,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7328126239184883887" + "version": "0.22.6.54827", + "templateHash": "9976109177347918049" } }, "parameters": { @@ -1540,8 +1540,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4956524931122744714" + "version": "0.22.6.54827", + "templateHash": "11885290344977420864" } }, "parameters": { diff --git a/modules/network/bastion-host/.test/common/main.test.bicep b/modules/network/bastion-host/.test/common/main.test.bicep index 35ab2e3670..5d384c25e9 100644 --- a/modules/network/bastion-host/.test/common/main.test.bicep +++ b/modules/network/bastion-host/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/bastion-host/.test/min/main.test.bicep b/modules/network/bastion-host/.test/min/main.test.bicep index 5c3fb70bb0..8292377077 100644 --- a/modules/network/bastion-host/.test/min/main.test.bicep +++ b/modules/network/bastion-host/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/bastion-host/README.md b/modules/network/bastion-host/README.md index b68e8d4c80..8aa5825b04 100644 --- a/modules/network/bastion-host/README.md 
+++ b/modules/network/bastion-host/README.md @@ -5,10 +5,10 @@ This module deploys a Bastion Host. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -20,75 +20,29 @@ This module deploys a Bastion Host. | `Microsoft.Network/bastionHosts` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-11-01/bastionHosts) | | `Microsoft.Network/publicIPAddresses` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/publicIPAddresses) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Bastion resource. | -| `vNetId` | string | Shared services Virtual Network resource identifier. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `bastionSubnetPublicIpResourceId` | string | `''` | | The Public IP resource ID to associate to the azureBastionSubnet. If empty, then the Public IP that is created as part of this module will be applied to the azureBastionSubnet. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, BastionAuditLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. 
| -| `disableCopyPaste` | bool | `False` | | Choose to disable or enable Copy Paste. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableFileCopy` | bool | `True` | | Choose to disable or enable File Copy. | -| `enableIpConnect` | bool | `False` | | Choose to disable or enable IP Connect. | -| `enableKerberos` | bool | `False` | | Choose to disable or enable Kerberos authentication. | -| `enableShareableLink` | bool | `False` | | Choose to disable or enable Shareable Link. | -| `isCreateDefaultPublicIP` | bool | `True` | | Specifies if a Public IP should be created by default if one is not provided. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicIPAddressObject` | object | `{object}` | | Specifies the properties of the Public IP to create and be used by Azure Bastion. If it's not provided and publicIPAddressResourceId is empty, a '-pip' suffix will be appended to the Bastion's name. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `scaleUnits` | int | `2` | | The scale units for the Bastion Host resource. | -| `skuName` | string | `'Basic'` | `[Basic, Standard]` | The SKU of this Bastion Host. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `ipConfAzureBastionSubnet` | object | The Public IPconfiguration object for the AzureBastionSubnet. 
| -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name the Azure Bastion. | -| `resourceGroupName` | string | The resource group the Azure Bastion was deployed into. | -| `resourceId` | string | The resource ID the Azure Bastion. | +## Usage examples -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/public-ip-address` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.bastion-host:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Custompip](#example-2-custompip) +- [Using only defaults](#example-3-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module bastionHost './network/bastion-host/main.bicep' = { +module bastionHost 'br:bicep/modules/network.bastion-host:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nbhcom' params: { // Required parameters @@ -210,14 +164,14 @@ module bastionHost './network/bastion-host/main.bicep' = {

-

Example 2: Custompip

+### Example 2: _Custompip_
via Bicep module ```bicep -module bastionHost './network/bastion-host/main.bicep' = { +module bastionHost 'br:bicep/modules/network.bastion-host:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nbhctmpip' params: { // Required parameters @@ -331,14 +285,17 @@ module bastionHost './network/bastion-host/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module bastionHost './network/bastion-host/main.bicep' = { +module bastionHost 'br:bicep/modules/network.bastion-host:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nbhmin' params: { // Required parameters @@ -379,3 +336,220 @@ module bastionHost './network/bastion-host/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Azure Bastion resource. | +| [`vNetId`](#parameter-vnetid) | string | Shared services Virtual Network resource identifier. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`bastionSubnetPublicIpResourceId`](#parameter-bastionsubnetpublicipresourceid) | string | The Public IP resource ID to associate to the azureBastionSubnet. If empty, then the Public IP that is created as part of this module will be applied to the azureBastionSubnet. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableCopyPaste`](#parameter-disablecopypaste) | bool | Choose to disable or enable Copy Paste. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableFileCopy`](#parameter-enablefilecopy) | bool | Choose to disable or enable File Copy. | +| [`enableIpConnect`](#parameter-enableipconnect) | bool | Choose to disable or enable IP Connect. | +| [`enableKerberos`](#parameter-enablekerberos) | bool | Choose to disable or enable Kerberos authentication. | +| [`enableShareableLink`](#parameter-enableshareablelink) | bool | Choose to disable or enable Shareable Link. | +| [`isCreateDefaultPublicIP`](#parameter-iscreatedefaultpublicip) | bool | Specifies if a Public IP should be created by default if one is not provided. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`publicIPAddressObject`](#parameter-publicipaddressobject) | object | Specifies the properties of the Public IP to create and be used by Azure Bastion. If it's not provided and publicIPAddressResourceId is empty, a '-pip' suffix will be appended to the Bastion's name. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`scaleUnits`](#parameter-scaleunits) | int | The scale units for the Bastion Host resource. | +| [`skuName`](#parameter-skuname) | string | The SKU of this Bastion Host. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `bastionSubnetPublicIpResourceId` + +The Public IP resource ID to associate to the azureBastionSubnet. 
If empty, then the Public IP that is created as part of this module will be applied to the azureBastionSubnet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, BastionAuditLogs]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableCopyPaste` + +Choose to disable or enable Copy Paste. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableFileCopy` + +Choose to disable or enable File Copy. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableIpConnect` + +Choose to disable or enable IP Connect. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableKerberos` + +Choose to disable or enable Kerberos authentication. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableShareableLink` + +Choose to disable or enable Shareable Link. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `isCreateDefaultPublicIP` + +Specifies if a Public IP should be created by default if one is not provided. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Azure Bastion resource. +- Required: Yes +- Type: string + +### Parameter: `publicIPAddressObject` + +Specifies the properties of the Public IP to create and be used by Azure Bastion. If it's not provided and publicIPAddressResourceId is empty, a '-pip' suffix will be appended to the Bastion's name. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scaleUnits` + +The scale units for the Bastion Host resource. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `skuName` + +The SKU of this Bastion Host. +- Required: No +- Type: string +- Default: `'Basic'` +- Allowed: `[Basic, Standard]` + +### Parameter: `tags` + +Tags of the resource. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vNetId` + +Shared services Virtual Network resource identifier. +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `ipConfAzureBastionSubnet` | object | The Public IPconfiguration object for the AzureBastionSubnet. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name the Azure Bastion. | +| `resourceGroupName` | string | The resource group the Azure Bastion was deployed into. | +| `resourceId` | string | The resource ID the Azure Bastion. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/public-ip-address` | Local reference | diff --git a/modules/network/bastion-host/main.json b/modules/network/bastion-host/main.json index 0370ab6fdd..ab504b7428 100644 --- a/modules/network/bastion-host/main.json +++ b/modules/network/bastion-host/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17208156201497944921" + "version": "0.22.6.54827", + "templateHash": "18039554301844568366" }, "name": "Bastion Hosts", "description": "This module deploys a Bastion Host.", @@ -326,8 +326,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1887898957722092173" + "version": "0.22.6.54827", + "templateHash": "4317747709004918530" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", 
@@ -660,8 +660,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7328126239184883887" + "version": "0.22.6.54827", + "templateHash": "9976109177347918049" } }, "parameters": { @@ -878,8 +878,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5797020701488147835" + "version": "0.22.6.54827", + "templateHash": "7732571198100682148" } }, "parameters": { diff --git a/modules/network/connection/README.md b/modules/network/connection/README.md index a8e9cf6573..7275058f5a 100644 --- a/modules/network/connection/README.md +++ b/modules/network/connection/README.md 
@@ -4,83 +4,38 @@ This module deploys a Virtual Network Gateway Connection. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Network/connections` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/connections) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Remote connection name. | -| `virtualNetworkGateway1` | object | The primary Virtual Network Gateway. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -**Optional parameters** +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationKey` | securestring | `''` | | The Authorization Key to connect to an Express Route Circuit. Used for connection type [ExpressRoute]. | -| `connectionMode` | string | `'Default'` | `[Default, InitiatorOnly, ResponderOnly]` | The connection connectionMode for this connection. Available for IPSec connections. | -| `connectionProtocol` | string | `'IKEv2'` | `[IKEv1, IKEv2]` | Connection connectionProtocol used for this connection. Available for IPSec connections. 
| -| `connectionType` | string | `'IPsec'` | `[ExpressRoute, IPsec, Vnet2Vnet, VPNClient]` | Gateway connection connectionType. | -| `customIPSecPolicy` | object | `{object}` | | The IPSec Policies to be considered by this connection. | -| `dpdTimeoutSeconds` | int | `45` | | The dead peer detection timeout of this connection in seconds. Setting the timeout to shorter periods will cause IKE to rekey more aggressively, causing the connection to appear to be disconnected in some instances. The general recommendation is to set the timeout between 30 to 45 seconds. | -| `enableBgp` | bool | `False` | | Value to specify if BGP is enabled or not. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enablePrivateLinkFastPath` | bool | `False` | | Bypass the ExpressRoute gateway when accessing private-links. ExpressRoute FastPath (expressRouteGatewayBypass) must be enabled. Only available when connection connectionType is Express Route. | -| `expressRouteGatewayBypass` | bool | `False` | | Bypass ExpressRoute Gateway for data forwarding. Only available when connection connectionType is Express Route. | -| `localNetworkGateway2` | object | `{object}` | | The local network gateway. Used for connection type [IPsec]. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the connectionType of lock. | -| `peer` | object | `{object}` | | The remote peer. Used for connection connectionType [ExpressRoute]. | -| `routingWeight` | int | `-1` | | The weight added to routes learned from this BGP speaker. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `useLocalAzureIpAddress` | bool | `False` | | Use private local Azure IP for the connection. Only available for IPSec Virtual Network Gateways that use the Azure Private IP Property. 
| -| `usePolicyBasedTrafficSelectors` | bool | `False` | | Enable policy-based traffic selectors. | -| `virtualNetworkGateway2` | object | `{object}` | | The remote Virtual Network Gateway. Used for connection connectionType [Vnet2Vnet]. | -| `vpnSharedKey` | securestring | `''` | | Specifies a VPN shared key. The same value has to be specified on both Virtual Network Gateways. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.connection:1.0.0`. +- [Vnet2vnet](#example-1-vnet2vnet) -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the remote connection. | -| `resourceGroupName` | string | The resource group the remote connection was deployed into. | -| `resourceId` | string | The resource ID of the remote connection. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Vnet2vnet

+### Example 1: _Vnet2vnet_
via Bicep module ```bicep -module connection './network/connection/main.bicep' = { +module connection 'br:bicep/modules/network.connection:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ncvtv' params: { // Required parameters @@ -163,6 +118,210 @@ module connection './network/connection/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Remote connection name. | +| [`virtualNetworkGateway1`](#parameter-virtualnetworkgateway1) | object | The primary Virtual Network Gateway. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizationKey`](#parameter-authorizationkey) | securestring | The Authorization Key to connect to an Express Route Circuit. Used for connection type [ExpressRoute]. | +| [`connectionMode`](#parameter-connectionmode) | string | The connection connectionMode for this connection. Available for IPSec connections. | +| [`connectionProtocol`](#parameter-connectionprotocol) | string | Connection connectionProtocol used for this connection. Available for IPSec connections. | +| [`connectionType`](#parameter-connectiontype) | string | Gateway connection connectionType. | +| [`customIPSecPolicy`](#parameter-customipsecpolicy) | object | The IPSec Policies to be considered by this connection. | +| [`dpdTimeoutSeconds`](#parameter-dpdtimeoutseconds) | int | The dead peer detection timeout of this connection in seconds. Setting the timeout to shorter periods will cause IKE to rekey more aggressively, causing the connection to appear to be disconnected in some instances. The general recommendation is to set the timeout between 30 to 45 seconds. | +| [`enableBgp`](#parameter-enablebgp) | bool | Value to specify if BGP is enabled or not. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enablePrivateLinkFastPath`](#parameter-enableprivatelinkfastpath) | bool | Bypass the ExpressRoute gateway when accessing private-links. ExpressRoute FastPath (expressRouteGatewayBypass) must be enabled. Only available when connection connectionType is Express Route. 
| +| [`expressRouteGatewayBypass`](#parameter-expressroutegatewaybypass) | bool | Bypass ExpressRoute Gateway for data forwarding. Only available when connection connectionType is Express Route. | +| [`localNetworkGateway2`](#parameter-localnetworkgateway2) | object | The local network gateway. Used for connection type [IPsec]. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the connectionType of lock. | +| [`peer`](#parameter-peer) | object | The remote peer. Used for connection connectionType [ExpressRoute]. | +| [`routingWeight`](#parameter-routingweight) | int | The weight added to routes learned from this BGP speaker. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`useLocalAzureIpAddress`](#parameter-uselocalazureipaddress) | bool | Use private local Azure IP for the connection. Only available for IPSec Virtual Network Gateways that use the Azure Private IP Property. | +| [`usePolicyBasedTrafficSelectors`](#parameter-usepolicybasedtrafficselectors) | bool | Enable policy-based traffic selectors. | +| [`virtualNetworkGateway2`](#parameter-virtualnetworkgateway2) | object | The remote Virtual Network Gateway. Used for connection connectionType [Vnet2Vnet]. | +| [`vpnSharedKey`](#parameter-vpnsharedkey) | securestring | Specifies a VPN shared key. The same value has to be specified on both Virtual Network Gateways. | + +### Parameter: `authorizationKey` + +The Authorization Key to connect to an Express Route Circuit. Used for connection type [ExpressRoute]. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `connectionMode` + +The connection connectionMode for this connection. Available for IPSec connections. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, InitiatorOnly, ResponderOnly]` + +### Parameter: `connectionProtocol` + +Connection connectionProtocol used for this connection. 
Available for IPSec connections. +- Required: No +- Type: string +- Default: `'IKEv2'` +- Allowed: `[IKEv1, IKEv2]` + +### Parameter: `connectionType` + +Gateway connection connectionType. +- Required: No +- Type: string +- Default: `'IPsec'` +- Allowed: `[ExpressRoute, IPsec, Vnet2Vnet, VPNClient]` + +### Parameter: `customIPSecPolicy` + +The IPSec Policies to be considered by this connection. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `dpdTimeoutSeconds` + +The dead peer detection timeout of this connection in seconds. Setting the timeout to shorter periods will cause IKE to rekey more aggressively, causing the connection to appear to be disconnected in some instances. The general recommendation is to set the timeout between 30 to 45 seconds. +- Required: No +- Type: int +- Default: `45` + +### Parameter: `enableBgp` + +Value to specify if BGP is enabled or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enablePrivateLinkFastPath` + +Bypass the ExpressRoute gateway when accessing private-links. ExpressRoute FastPath (expressRouteGatewayBypass) must be enabled. Only available when connection connectionType is Express Route. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `expressRouteGatewayBypass` + +Bypass ExpressRoute Gateway for data forwarding. Only available when connection connectionType is Express Route. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `localNetworkGateway2` + +The local network gateway. Used for connection type [IPsec]. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the connectionType of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Remote connection name. +- Required: Yes +- Type: string + +### Parameter: `peer` + +The remote peer. Used for connection connectionType [ExpressRoute]. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `routingWeight` + +The weight added to routes learned from this BGP speaker. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `useLocalAzureIpAddress` + +Use private local Azure IP for the connection. Only available for IPSec Virtual Network Gateways that use the Azure Private IP Property. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `usePolicyBasedTrafficSelectors` + +Enable policy-based traffic selectors. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `virtualNetworkGateway1` + +The primary Virtual Network Gateway. +- Required: Yes +- Type: object + +### Parameter: `virtualNetworkGateway2` + +The remote Virtual Network Gateway. Used for connection connectionType [Vnet2Vnet]. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vpnSharedKey` + +Specifies a VPN shared key. The same value has to be specified on both Virtual Network Gateways. +- Required: No +- Type: securestring +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the remote connection. | +| `resourceGroupName` | string | The resource group the remote connection was deployed into. | +| `resourceId` | string | The resource ID of the remote connection. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `localNetworkGateway2` 
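Review bot: Several descriptions in the connection README's parameter table and per-parameter sections read as if a rename of `type` to `connectionType` was applied to the prose as well: "The connection connectionMode for this connection", "Connection connectionProtocol used for this connection", "Gateway connection connectionType", and for `lock` "Specify the connectionType of lock" (the other READMEs in this change say "Specify the type of lock"). Because the README is regenerated from the template's parameter descriptions, correct the wording in the module template and rerun the generator rather than editing the README. The condition wording is also inconsistent between parameters: `authorizationKey` and `localNetworkGateway2` say "Used for connection type [...]" while `peer` and `virtualNetworkGateway2` say "Used for connection connectionType [...]".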
diff --git a/modules/network/connection/main.json b/modules/network/connection/main.json index 1f36ad5004..e72fe07213 100644 --- a/modules/network/connection/main.json +++ b/modules/network/connection/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16230225022830179202" + "version": "0.22.6.54827", + "templateHash": "4819464445955431710" }, "name": "Virtual Network Gateway Connections", "description": "This module deploys a Virtual Network Gateway Connection.", diff --git a/modules/network/ddos-protection-plan/.test/common/main.test.bicep b/modules/network/ddos-protection-plan/.test/common/main.test.bicep index fa1ddafb22..07f548e028 100644 --- a/modules/network/ddos-protection-plan/.test/common/main.test.bicep +++ b/modules/network/ddos-protection-plan/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/ddos-protection-plan/.test/min/main.test.bicep b/modules/network/ddos-protection-plan/.test/min/main.test.bicep index b961a7b2e4..3f06befe16 100644 --- a/modules/network/ddos-protection-plan/.test/min/main.test.bicep +++ b/modules/network/ddos-protection-plan/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/ddos-protection-plan/README.md b/modules/network/ddos-protection-plan/README.md index d41f975e6c..ce299dd18a 100644 --- a/modules/network/ddos-protection-plan/README.md +++ b/modules/network/ddos-protection-plan/README.md 
@@ -4,13 +4,13 @@ This module deploys a DDoS Protection Plan. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
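Review bot: The Navigation entries in this hunk use mixed-case fragments (`#Resource-Types`, `#Usage-examples`), while the links generated further down in the same README are lowercase (`#parameter-name`, `#example-1-using-large-parameter-set`). Have the generator emit one convention, preferably lowercase to match the other generated links, so fragments can be checked against heading slugs without case folding.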
@@ -18,53 +18,28 @@ This module deploys a DDoS Protection Plan. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/ddosProtectionPlans` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/ddosProtectionPlans) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the DDoS protection plan to assign the VNET to. | - -**Optional parameters** +## Usage examples -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the DDOS protection plan. | -| `resourceGroupName` | string | The resource group the DDOS protection plan was deployed into. | -| `resourceId` | string | The resource ID of the DDOS protection plan. 
| +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.ddos-protection-plan:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module ddosProtectionPlan './network/ddos-protection-plan/main.bicep' = { +module ddosProtectionPlan 'br:bicep/modules/network.ddos-protection-plan:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ndppcom' params: { // Required parameters @@ -138,14 +113,17 @@ module ddosProtectionPlan './network/ddos-protection-plan/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module ddosProtectionPlan './network/ddos-protection-plan/main.bicep' = { +module ddosProtectionPlan 'br:bicep/modules/network.ddos-protection-plan:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ndppmin' params: { // Required parameters @@ -182,3 +160,78 @@ module ddosProtectionPlan './network/ddos-protection-plan/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the DDoS protection plan to assign the VNET to. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the DDoS protection plan to assign the VNET to. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the DDOS protection plan. | +| `resourceGroupName` | string | The resource group the DDOS protection plan was deployed into. | +| `resourceId` | string | The resource ID of the DDOS protection plan. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/ddos-protection-plan/main.json b/modules/network/ddos-protection-plan/main.json index da760e0ac6..f67227f30a 100644 --- a/modules/network/ddos-protection-plan/main.json +++ b/modules/network/ddos-protection-plan/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4598977816480625428" + "version": "0.22.6.54827", + "templateHash": "10705912154060159414" }, "name": "DDoS Protection Plans", "description": "This module deploys a DDoS Protection Plan.", @@ -131,8 +131,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3995691276861378568" + "version": "0.22.6.54827", + "templateHash": "17533391111719842656" } }, "parameters": { diff --git a/modules/network/dns-forwarding-ruleset/.test/common/main.test.bicep b/modules/network/dns-forwarding-ruleset/.test/common/main.test.bicep index fb7c7a3a91..1580914504 100644 --- a/modules/network/dns-forwarding-ruleset/.test/common/main.test.bicep +++ b/modules/network/dns-forwarding-ruleset/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/dns-forwarding-ruleset/.test/min/main.test.bicep b/modules/network/dns-forwarding-ruleset/.test/min/main.test.bicep index 43e250ddf4..0d95972412 100644 --- a/modules/network/dns-forwarding-ruleset/.test/min/main.test.bicep +++ b/modules/network/dns-forwarding-ruleset/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/dns-forwarding-ruleset/README.md b/modules/network/dns-forwarding-ruleset/README.md index c391b29ada..100d91455b 100644 --- a/modules/network/dns-forwarding-ruleset/README.md +++ b/modules/network/dns-forwarding-ruleset/README.md @@ -5,10 +5,10 @@ This template deploys an dns forwarding ruleset. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -20,56 +20,28 @@ This template deploys an dns forwarding ruleset. | `Microsoft.Network/dnsForwardingRulesets/forwardingRules` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-07-01/dnsForwardingRulesets/forwardingRules) | | `Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-07-01/dnsForwardingRulesets/virtualNetworkLinks) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `dnsResolverOutboundEndpointResourceIds` | array | The reference to the DNS resolver outbound endpoints that are used to route DNS queries matching the forwarding rules in the ruleset to the target DNS servers. | -| `name` | string | Name of the DNS Forwarding Ruleset. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `forwardingRules` | array | `[]` | | Array of forwarding rules. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `vNetLinks` | array | `[]` | | Array of virtual network links. 
| +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the DNS Forwarding Ruleset. | -| `resourceGroupName` | string | The resource group the DNS Forwarding Ruleset was deployed into. | -| `resourceId` | string | The resource ID of the DNS Forwarding Ruleset. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.dns-forwarding-ruleset:1.0.0`. -## Cross-referenced modules +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -_None_ +### Example 1: _Using large parameter set_ -## Deployment examples +This instance deploys the module with most of its features enabled. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module dnsForwardingRuleset './network/dns-forwarding-ruleset/main.bicep' = { +module dnsForwardingRuleset 'br:bicep/modules/network.dns-forwarding-ruleset:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ndfrscom' params: { // Required parameters @@ -187,14 +159,17 @@ module dnsForwardingRuleset './network/dns-forwarding-ruleset/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module dnsForwardingRuleset './network/dns-forwarding-ruleset/main.bicep' = { +module dnsForwardingRuleset 'br:bicep/modules/network.dns-forwarding-ruleset:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ndfrsmin' params: { // Required parameters @@ -239,3 +214,101 @@ module dnsForwardingRuleset './network/dns-forwarding-ruleset/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`dnsResolverOutboundEndpointResourceIds`](#parameter-dnsresolveroutboundendpointresourceids) | array | The reference to the DNS resolver outbound endpoints that are used to route DNS queries matching the forwarding rules in the ruleset to the target DNS servers. | +| [`name`](#parameter-name) | string | Name of the DNS Forwarding Ruleset. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`forwardingRules`](#parameter-forwardingrules) | array | Array of forwarding rules. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`vNetLinks`](#parameter-vnetlinks) | array | Array of virtual network links. | + +### Parameter: `dnsResolverOutboundEndpointResourceIds` + +The reference to the DNS resolver outbound endpoints that are used to route DNS queries matching the forwarding rules in the ruleset to the target DNS servers. +- Required: Yes +- Type: array + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `forwardingRules` + +Array of forwarding rules. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the DNS Forwarding Ruleset. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vNetLinks` + +Array of virtual network links. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the DNS Forwarding Ruleset. | +| `resourceGroupName` | string | The resource group the DNS Forwarding Ruleset was deployed into. | +| `resourceId` | string | The resource ID of the DNS Forwarding Ruleset. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/dns-forwarding-ruleset/forwarding-rule/README.md b/modules/network/dns-forwarding-ruleset/forwarding-rule/README.md index b99f308ee7..7f9b46b23d 100644 --- a/modules/network/dns-forwarding-ruleset/forwarding-rule/README.md +++ b/modules/network/dns-forwarding-ruleset/forwarding-rule/README.md 
@@ -8,7 +8,6 @@ This template deploys Forwarding Rule in a Dns Forwarding Ruleset. - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
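Review bot: In the new "Usage examples" sections of the ddos-protection-plan and dns-forwarding-ruleset READMEs, the note "To reference the module, please use the following syntax `br:bicep/modules/network.ddos-protection-plan:1.0.0`" and the example `module` statements give a reference that is not usable as written. In the `br:<registry>/<path>:<tag>` form the first segment is the registry host, so `bicep` is read as a registry name; the alias form is `br/<alias>:<path>:<tag>`. Either state that the registry and the `1.0.0` tag are placeholders the reader must substitute, or emit the alias form and document the `moduleAliases` entry it needs in `bicepconfig.json`.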
@@ -20,31 +19,84 @@ This template deploys Forwarding Rule in a Dns Forwarding Ruleset. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `domainName` | string | The domain name for the forwarding rule. | -| `name` | string | Name of the Forwarding Rule. | -| `targetDnsServers` | array | DNS servers to forward the DNS query to. | +| [`domainName`](#parameter-domainname) | string | The domain name for the forwarding rule. | +| [`name`](#parameter-name) | string | Name of the Forwarding Rule. | +| [`targetDnsServers`](#parameter-targetdnsservers) | array | DNS servers to forward the DNS query to. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dnsForwardingRulesetName` | string | Name of the parent DNS Forwarding Ruleset. Required if the template is used in a standalone deployment. | +| [`dnsForwardingRulesetName`](#parameter-dnsforwardingrulesetname) | string | Name of the parent DNS Forwarding Ruleset. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `forwardingRuleState` | string | `'Enabled'` | `[Disabled, Enabled]` | The state of forwarding rule. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `metadata` | object | `{object}` | | Metadata attached to the forwarding rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`forwardingRuleState`](#parameter-forwardingrulestate) | string | The state of forwarding rule. 
| +| [`location`](#parameter-location) | string | Location for all resources. | +| [`metadata`](#parameter-metadata) | object | Metadata attached to the forwarding rule. | + +### Parameter: `dnsForwardingRulesetName` + +Name of the parent DNS Forwarding Ruleset. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `domainName` + +The domain name for the forwarding rule. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `forwardingRuleState` + +The state of forwarding rule. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `metadata` + +Metadata attached to the forwarding rule. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Name of the Forwarding Rule. +- Required: Yes +- Type: string + +### Parameter: `targetDnsServers` + +DNS servers to forward the DNS query to. +- Required: Yes +- Type: array ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Forwarding Rule. | | `resourceGroupName` | string | The resource group the Forwarding Rule was deployed into. | @@ -53,69 +105,3 @@ This template deploys Forwarding Rule in a Dns Forwarding Ruleset. ## Cross-referenced modules _None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

- -
- -via Bicep module - -```bicep -module dnsForwardingRulesets './Microsoft.Network/dnsForwardingRulesets/deploy.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-ndfrscom' - params: { - // Required parameters - dnsResolverOutboundEndpointId: '' - name: '[[namePrefix]]ndfrscom001' - // Non-required parameters - enableDefaultTelemetry: '' - tags: { - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "dnsResolverOutboundEndpointId": { - "value": "" - }, - "name": { - "value": "[[namePrefix]]ndfrscom001" - }, - // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "Role": "DeploymentValidation" - } - } - } -} -``` - -
-

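Review bot: In the forwarding-rule README, `dnsForwardingRulesetName` is listed under "Conditional parameters" with "Required if the template is used in a standalone deployment", but its new `### Parameter: dnsForwardingRulesetName` section states "Required: Yes". The two disagree for a deployment that is not standalone. Have the generator render conditional parameters with a distinct value, or repeat the condition next to the flag, so the detail section does not overstate the requirement.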
diff --git a/modules/network/dns-forwarding-ruleset/forwarding-rule/main.json b/modules/network/dns-forwarding-ruleset/forwarding-rule/main.json index 4d23c6d66f..398ba866ee 100644 --- a/modules/network/dns-forwarding-ruleset/forwarding-rule/main.json +++ b/modules/network/dns-forwarding-ruleset/forwarding-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9007779430484184440" + "version": "0.22.6.54827", + "templateHash": "14481617304679147684" }, "name": "Dns Forwarding Rulesets Forwarding Rules", "description": "This template deploys Forwarding Rule in a Dns Forwarding Ruleset.", diff --git a/modules/network/dns-forwarding-ruleset/main.json b/modules/network/dns-forwarding-ruleset/main.json index e1335f72c5..19ee04a44f 100644 --- a/modules/network/dns-forwarding-ruleset/main.json +++ b/modules/network/dns-forwarding-ruleset/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1553146733132520499" + "version": "0.22.6.54827", + "templateHash": "3259269947258844338" }, "name": "Dns Forwarding Rulesets", "description": "This template deploys an dns forwarding ruleset.", @@ -163,8 +163,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18119021871235878699" + "version": "0.22.6.54827", + "templateHash": "14481617304679147684" }, "name": "Dns Forwarding Rulesets Forwarding Rules", "description": "This template deploys Forwarding Rule in a Dns Forwarding Ruleset.", @@ -310,8 +310,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9549351328560052808" + "version": "0.22.6.54827", + "templateHash": "13868433916800604215" }, "name": "Dns Forwarding Rulesets Virtual Network Links", "description": "This template deploys Virtual Network Link in a Dns Forwarding Ruleset.", 
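Review bot: The old side of these hunks shows that the committed build artifacts had drifted from each other: the standalone `forwarding-rule/main.json` was compiled with Bicep 0.20.4.51522 (`templateHash` 9007779430484184440), while the copy nested in `dns-forwarding-ruleset/main.json` was at 0.21.1.54444 (18119021871235878699). After this change both carry 14481617304679147684, as expected for the same source. Since `main.json` is generated and cannot be reviewed against `main.bicep` by eye, consider a pipeline check that rebuilds each template and fails when the committed JSON differs, so the drift cannot recur.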
@@ -441,8 +441,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5837323048310954906" + "version": "0.22.6.54827", + "templateHash": "8279185746379392662" } }, "parameters": { diff --git a/modules/network/dns-forwarding-ruleset/virtual-network-link/README.md b/modules/network/dns-forwarding-ruleset/virtual-network-link/README.md index 8fa0d6c219..af8b359da9 100644 --- a/modules/network/dns-forwarding-ruleset/virtual-network-link/README.md +++ b/modules/network/dns-forwarding-ruleset/virtual-network-link/README.md 
@@ -19,28 +19,61 @@ This template deploys Virtual Network Link in a Dns Forwarding Ruleset. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `virtualNetworkResourceId` | string | Link to another virtual network resource ID. | +| [`virtualNetworkResourceId`](#parameter-virtualnetworkresourceid) | string | Link to another virtual network resource ID. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dnsForwardingRulesetName` | string | The name of the parent DNS Fowarding Rule Set. Required if the template is used in a standalone deployment. | +| [`dnsForwardingRulesetName`](#parameter-dnsforwardingrulesetname) | string | The name of the parent DNS Fowarding Rule Set. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `'global'` | The location of the PrivateDNSZone. Should be global. | -| `name` | string | `[format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/')))]` | The name of the virtual network link. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | The location of the PrivateDNSZone. Should be global. | +| [`name`](#parameter-name) | string | The name of the virtual network link. | + +### Parameter: `dnsForwardingRulesetName` + +The name of the parent DNS Fowarding Rule Set. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +The location of the PrivateDNSZone. Should be global. +- Required: No +- Type: string +- Default: `'global'` + +### Parameter: `name` + +The name of the virtual network link. +- Required: No +- Type: string +- Default: `[format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/')))]` + +### Parameter: `virtualNetworkResourceId` + +Link to another virtual network resource ID. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed virtual network link. | | `resourceGroupName` | string | The resource group of the deployed virtual network link. | diff --git a/modules/network/dns-forwarding-ruleset/virtual-network-link/main.json b/modules/network/dns-forwarding-ruleset/virtual-network-link/main.json index f41aa5933d..ac505b8cef 100644 --- a/modules/network/dns-forwarding-ruleset/virtual-network-link/main.json +++ b/modules/network/dns-forwarding-ruleset/virtual-network-link/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13969101007511584177" + "version": "0.22.6.54827", + "templateHash": "13868433916800604215" }, "name": "Dns Forwarding Rulesets Virtual Network Links", "description": "This template deploys Virtual Network Link in a Dns Forwarding Ruleset.", diff --git a/modules/network/dns-resolver/.test/common/main.test.bicep b/modules/network/dns-resolver/.test/common/main.test.bicep index 87c839c618..10ca18a16f 100644 --- a/modules/network/dns-resolver/.test/common/main.test.bicep +++ b/modules/network/dns-resolver/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/dns-resolver/README.md b/modules/network/dns-resolver/README.md index cc337017bd..682f0e5b10 100644 --- a/modules/network/dns-resolver/README.md +++ b/modules/network/dns-resolver/README.md @@ -5,10 +5,10 @@ This module deploys a DNS Resolver. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
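Review bot: In modules/network/dns-forwarding-ruleset/virtual-network-link/README.md, the new `### Parameter: dnsForwardingRulesetName` section states `- Required: Yes`, while the table above it still lists the parameter under **Conditional parameters** with "Required if the template is used in a standalone deployment." A reader who follows the new `#parameter-dnsforwardingrulesetname` link lands on an unconditional requirement and never sees the condition's category. Suggest having the generator emit a distinct value for conditional parameters in the detail section (for example `- Required: Conditional`, or `- Required: No` followed by the condition) so the table and the section agree.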
@@ -20,56 +20,27 @@ This module deploys a DNS Resolver. | `Microsoft.Network/dnsResolvers/inboundEndpoints` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-07-01/dnsResolvers/inboundEndpoints) | | `Microsoft.Network/dnsResolvers/outboundEndpoints` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-07-01/dnsResolvers/outboundEndpoints) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Private DNS Resolver. | -| `virtualNetworkId` | string | ResourceId of the virtual network to attach the Private DNS Resolver to. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `inboundEndpoints` | array | `[]` | | Inbound Endpoints for Private DNS Resolver. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `outboundEndpoints` | array | `[]` | | Outbound Endpoints for Private DNS Resolver. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. 
For a full reference, please review the module's test folder in its repository. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Private DNS Resolver. | -| `resourceGroupName` | string | The resource group the Private DNS Resolver was deployed into. | -| `resourceId` | string | The resource ID of the Private DNS Resolver. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.dns-resolver:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module dnsResolver './network/dns-resolver/main.bicep' = { +module dnsResolver 'br:bicep/modules/network.dns-resolver:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ndrcom' params: { // Required parameters @@ -150,3 +121,101 @@ module dnsResolver './network/dns-resolver/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Private DNS Resolver. | +| [`virtualNetworkId`](#parameter-virtualnetworkid) | string | ResourceId of the virtual network to attach the Private DNS Resolver to. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`inboundEndpoints`](#parameter-inboundendpoints) | array | Inbound Endpoints for Private DNS Resolver. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`outboundEndpoints`](#parameter-outboundendpoints) | array | Outbound Endpoints for Private DNS Resolver. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `inboundEndpoints` + +Inbound Endpoints for Private DNS Resolver. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Private DNS Resolver. +- Required: Yes +- Type: string + +### Parameter: `outboundEndpoints` + +Outbound Endpoints for Private DNS Resolver. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualNetworkId` + +ResourceId of the virtual network to attach the Private DNS Resolver to. +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Private DNS Resolver. | +| `resourceGroupName` | string | The resource group the Private DNS Resolver was deployed into. | +| `resourceId` | string | The resource ID of the Private DNS Resolver. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/dns-resolver/main.json b/modules/network/dns-resolver/main.json index 0ec0f996bf..f4fde16620 100644 --- a/modules/network/dns-resolver/main.json +++ b/modules/network/dns-resolver/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3727820015033589972" + "version": "0.22.6.54827", + "templateHash": "317150262818676597" }, "name": "DNS Resolvers", "description": "This module deploys a DNS Resolver.", 
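Review bot: In modules/network/dns-resolver/README.md, the usage example now references `br:bicep/modules/network.dns-resolver:1.0.0` instead of the in-repo path `./network/dns-resolver/main.bicep`, and the added note presents that string as the syntax to use. Nothing in the README says which registry `bicep/modules/...` resolves against or whether `1.0.0` is a published tag, so a consumer who copies the example cannot tell what would be pulled. Suggest marking the registry and version as placeholders in the generated note, or generating the tag from the module's actual published version.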
@@ -197,8 +197,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8749643017224763236" + "version": "0.22.6.54827", + "templateHash": "14781577945075842659" } }, "parameters": { diff --git a/modules/network/dns-zone/.test/common/main.test.bicep b/modules/network/dns-zone/.test/common/main.test.bicep index 7fec103202..f23e497864 100644 --- a/modules/network/dns-zone/.test/common/main.test.bicep +++ b/modules/network/dns-zone/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/dns-zone/.test/min/main.test.bicep b/modules/network/dns-zone/.test/min/main.test.bicep index 096c2d1315..99dd5b9612 100644 --- a/modules/network/dns-zone/.test/min/main.test.bicep +++ b/modules/network/dns-zone/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/dns-zone/README.md b/modules/network/dns-zone/README.md index 4e03141daa..cf007e7fc7 100644 --- a/modules/network/dns-zone/README.md +++ b/modules/network/dns-zone/README.md @@ -4,13 +4,13 @@ This module deploys a Public DNS zone. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
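Review bot: The `_generator` hunks in modules/network/dns-resolver/main.json change only `version` and `templateHash`, and the old values show that the committed templates were built with different compiler versions (`0.21.1.54444` here, `0.20.4.51522` in virtual-network-link/main.json). A `templateHash` cannot be checked by eye, so the compiled JSON in this change is effectively unreviewed. Suggest pinning the Bicep version that `Set-Module` compiles with and adding a CI step that rebuilds each `main.json` from its `main.bicep` and fails when the result differs from the committed file.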
@@ -28,63 +28,28 @@ This module deploys a Public DNS zone. | `Microsoft.Network/dnsZones/SRV` | [2018-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2018-05-01/dnsZones/SRV) | | `Microsoft.Network/dnsZones/TXT` | [2018-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2018-05-01/dnsZones/TXT) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | DNS zone name. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.dns-zone:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `a` | _[a](a/README.md)_ array | `[]` | | Array of A records. | -| `aaaa` | _[aaaa](aaaa/README.md)_ array | `[]` | | Array of AAAA records. | -| `caa` | _[caa](caa/README.md)_ array | `[]` | | Array of CAA records. | -| `cname` | _[cname](cname/README.md)_ array | `[]` | | Array of CNAME records. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `'global'` | | The location of the dnsZone. Should be global. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `mx` | _[mx](mx/README.md)_ array | `[]` | | Array of MX records. | -| `ns` | _[ns](ns/README.md)_ array | `[]` | | Array of NS records. | -| `ptr` | _[ptr](ptr/README.md)_ array | `[]` | | Array of PTR records. 
| -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `soa` | _[soa](soa/README.md)_ array | `[]` | | Array of SOA records. | -| `srv` | _[srv](srv/README.md)_ array | `[]` | | Array of SRV records. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `txt` | _[txt](txt/README.md)_ array | `[]` | | Array of TXT records. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the DNS zone. | -| `resourceGroupName` | string | The resource group the DNS zone was deployed into. | -| `resourceId` | string | The resource ID of the DNS zone. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module dnsZone './network/dns-zone/main.bicep' = { +module dnsZone 'br:bicep/modules/network.dns-zone:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ndzcom' params: { // Required parameters @@ -500,14 +465,17 @@ module dnsZone './network/dns-zone/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module dnsZone './network/dns-zone/main.bicep' = { +module dnsZone 'br:bicep/modules/network.dns-zone:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ndzmin' params: { // Required parameters @@ -544,3 +512,158 @@ module dnsZone './network/dns-zone/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | DNS zone name. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`a`](#parameter-a) | array | Array of A records. | +| [`aaaa`](#parameter-aaaa) | array | Array of AAAA records. | +| [`caa`](#parameter-caa) | array | Array of CAA records. | +| [`cname`](#parameter-cname) | array | Array of CNAME records. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | The location of the dnsZone. Should be global. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`mx`](#parameter-mx) | array | Array of MX records. | +| [`ns`](#parameter-ns) | array | Array of NS records. | +| [`ptr`](#parameter-ptr) | array | Array of PTR records. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`soa`](#parameter-soa) | array | Array of SOA records. | +| [`srv`](#parameter-srv) | array | Array of SRV records. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`txt`](#parameter-txt) | array | Array of TXT records. | + +### Parameter: `a` + +Array of A records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `aaaa` + +Array of AAAA records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `caa` + +Array of CAA records. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `cname` + +Array of CNAME records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +The location of the dnsZone. Should be global. +- Required: No +- Type: string +- Default: `'global'` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `mx` + +Array of MX records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +DNS zone name. +- Required: Yes +- Type: string + +### Parameter: `ns` + +Array of NS records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ptr` + +Array of PTR records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `soa` + +Array of SOA records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `srv` + +Array of SRV records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `txt` + +Array of TXT records. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. 
| +| `name` | string | The name of the DNS zone. | +| `resourceGroupName` | string | The resource group the DNS zone was deployed into. | +| `resourceId` | string | The resource ID of the DNS zone. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/dns-zone/a/README.md b/modules/network/dns-zone/a/README.md index 243741caa9..0929f596ca 100644 --- a/modules/network/dns-zone/a/README.md +++ b/modules/network/dns-zone/a/README.md 
@@ -20,31 +20,85 @@ This module deploys a Public DNS Zone A record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the A record. | +| [`name`](#parameter-name) | string | The name of the A record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dnsZoneName` | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | +| [`dnsZoneName`](#parameter-dnszonename) | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `aRecords` | array | `[]` | The list of A records in the record set. Cannot be used in conjuction with the "targetResource" property. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `targetResourceId` | string | `''` | A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). 
Cannot be used in conjuction with the "aRecords" property. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`aRecords`](#parameter-arecords) | array | The list of A records in the record set. Cannot be used in conjuction with the "targetResource" property. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`targetResourceId`](#parameter-targetresourceid) | string | A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). Cannot be used in conjuction with the "aRecords" property. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `aRecords` + +The list of A records in the record set. Cannot be used in conjuction with the "targetResource" property. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dnsZoneName` + +The name of the parent DNS zone. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the A record. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `targetResourceId` + +A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). Cannot be used in conjuction with the "aRecords" property. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. +- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed A record. | | `resourceGroupName` | string | The resource group of the deployed A record. | diff --git a/modules/network/dns-zone/a/main.json b/modules/network/dns-zone/a/main.json index 003161d55c..9aeb4218f1 100644 --- a/modules/network/dns-zone/a/main.json +++ b/modules/network/dns-zone/a/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5170145363622927115" + "version": "0.22.6.54827", + "templateHash": "6542208080967583866" }, "name": "Public DNS Zone A record", "description": "This module deploys a Public DNS Zone A record.", @@ -127,8 +127,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3558751375290910792" + "version": "0.22.6.54827", + "templateHash": "12863297534613170503" } }, "parameters": { diff --git a/modules/network/dns-zone/aaaa/README.md b/modules/network/dns-zone/aaaa/README.md index 3ced8d13c1..c4e820ffe6 100644 --- a/modules/network/dns-zone/aaaa/README.md +++ b/modules/network/dns-zone/aaaa/README.md 
@@ -20,31 +20,85 @@ This module deploys a Public DNS Zone AAAA record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the AAAA record. | +| [`name`](#parameter-name) | string | The name of the AAAA record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dnsZoneName` | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | +| [`dnsZoneName`](#parameter-dnszonename) | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `aaaaRecords` | array | `[]` | The list of AAAA records in the record set. Cannot be used in conjuction with the "targetResource" property. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `targetResourceId` | string | `''` | A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). 
Cannot be used in conjuction with the "aRecords" property. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`aaaaRecords`](#parameter-aaaarecords) | array | The list of AAAA records in the record set. Cannot be used in conjuction with the "targetResource" property. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`targetResourceId`](#parameter-targetresourceid) | string | A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). Cannot be used in conjuction with the "aRecords" property. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `aaaaRecords` + +The list of AAAA records in the record set. Cannot be used in conjuction with the "targetResource" property. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dnsZoneName` + +The name of the parent DNS zone. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the AAAA record. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `targetResourceId` + +A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). Cannot be used in conjuction with the "aRecords" property. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. +- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed AAAA record. | | `resourceGroupName` | string | The resource group of the deployed AAAA record. | diff --git a/modules/network/dns-zone/aaaa/main.json b/modules/network/dns-zone/aaaa/main.json index 9bcf93a5ff..1a9f64999a 100644 --- a/modules/network/dns-zone/aaaa/main.json +++ b/modules/network/dns-zone/aaaa/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14783067103445567469" + "version": "0.22.6.54827", + "templateHash": "3710520452642205212" }, "name": "Public DNS Zone AAAA record", "description": "This module deploys a Public DNS Zone AAAA record.", @@ -127,8 +127,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "10619447653791643982" + "version": "0.22.6.54827", + "templateHash": "8289108097363297951" } }, "parameters": { diff --git a/modules/network/dns-zone/caa/README.md b/modules/network/dns-zone/caa/README.md index 790b850ff9..9bfa2bb020 100644 --- a/modules/network/dns-zone/caa/README.md +++ b/modules/network/dns-zone/caa/README.md 
@@ -20,30 +20,77 @@ This module deploys a Public DNS Zone CAA record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the CAA record. | +| [`name`](#parameter-name) | string | The name of the CAA record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dnsZoneName` | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | +| [`dnsZoneName`](#parameter-dnszonename) | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `caaRecords` | array | `[]` | The list of CAA records in the record set. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`caaRecords`](#parameter-caarecords) | array | The list of CAA records in the record set. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `caaRecords` + +The list of CAA records in the record set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dnsZoneName` + +The name of the parent DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the CAA record. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. +- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed CAA record. 
| | `resourceGroupName` | string | The resource group of the deployed CAA record. | diff --git a/modules/network/dns-zone/caa/main.json b/modules/network/dns-zone/caa/main.json index 01174cacf6..c0b6623111 100644 --- a/modules/network/dns-zone/caa/main.json +++ b/modules/network/dns-zone/caa/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4477853461523597510" + "version": "0.22.6.54827", + "templateHash": "139457689749453308" }, "name": "Public DNS Zone CAA record", "description": "This module deploys a Public DNS Zone CAA record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17740559314627874296" + "version": "0.22.6.54827", + "templateHash": "9470565833545804306" } }, "parameters": { diff --git a/modules/network/dns-zone/cname/README.md b/modules/network/dns-zone/cname/README.md index 761f346b01..d58c077c0d 100644 --- a/modules/network/dns-zone/cname/README.md +++ b/modules/network/dns-zone/cname/README.md 
@@ -20,31 +20,85 @@ This module deploys a Public DNS Zone CNAME record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the CNAME record. | +| [`name`](#parameter-name) | string | The name of the CNAME record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dnsZoneName` | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | +| [`dnsZoneName`](#parameter-dnszonename) | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cnameRecord` | object | `{object}` | A CNAME record. Cannot be used in conjuction with the "targetResource" property. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `targetResourceId` | string | `''` | A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). 
Cannot be used in conjuction with the "aRecords" property. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cnameRecord`](#parameter-cnamerecord) | object | A CNAME record. Cannot be used in conjuction with the "targetResource" property. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`targetResourceId`](#parameter-targetresourceid) | string | A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). Cannot be used in conjuction with the "aRecords" property. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `cnameRecord` + +A CNAME record. Cannot be used in conjuction with the "targetResource" property. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `dnsZoneName` + +The name of the parent DNS zone. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the CNAME record. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `targetResourceId` + +A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). Cannot be used in conjuction with the "aRecords" property. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. +- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed CNAME record. | | `resourceGroupName` | string | The resource group of the deployed CNAME record. | diff --git a/modules/network/dns-zone/cname/main.json b/modules/network/dns-zone/cname/main.json index 4f413117dd..78d4dd61c0 100644 --- a/modules/network/dns-zone/cname/main.json +++ b/modules/network/dns-zone/cname/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16690614046545500600" + "version": "0.22.6.54827", + "templateHash": "9638487977820751575" }, "name": "Public DNS Zone CNAME record", "description": "This module deploys a Public DNS Zone CNAME record.", @@ -127,8 +127,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1579300133069941204" + "version": "0.22.6.54827", + "templateHash": "9902709125102553327" } }, "parameters": { diff --git a/modules/network/dns-zone/main.json b/modules/network/dns-zone/main.json index 2cd166e951..2050ccbfa3 100644 --- a/modules/network/dns-zone/main.json +++ b/modules/network/dns-zone/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6851549629737338757" + "version": "0.22.6.54827", + "templateHash": "9774189040753970370" }, "name": "Public DNS Zones", "description": "This module deploys a Public DNS zone.", @@ -208,8 +208,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "68732993276774389" + "version": "0.22.6.54827", + "templateHash": "6542208080967583866" }, "name": "Public DNS Zone A record", "description": "This module deploys a Public DNS Zone A record.", @@ -331,8 +331,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5391899014295336127" + "version": "0.22.6.54827", + "templateHash": "12863297534613170503" } }, "parameters": { @@ -539,8 +539,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1399420754199725079" + "version": "0.22.6.54827", + "templateHash": "3710520452642205212" }, "name": "Public DNS Zone AAAA record", "description": "This module deploys a Public DNS Zone AAAA record.", 
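Review bot: in modules/network/dns-zone/main.json the nested AAAA template at @@ -539 now carries templateHash 3710520452642205212, the same value as modules/network/dns-zone/aaaa/main.json, but before this change the parent copy was built with bicep 0.21.1.54444 and the standalone child with 0.20.4.51522, so the committed JSON files had drifted apart. Consider a pipeline check that rebuilds every main.json with one pinned bicep version and fails on any difference, so a stale compiled template is caught in review rather than by a later bulk regeneration.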
@@ -662,8 +662,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11088059014224151171" + "version": "0.22.6.54827", + "templateHash": "8289108097363297951" } }, "parameters": { @@ -870,8 +870,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1081451111818125712" + "version": "0.22.6.54827", + "templateHash": "9638487977820751575" }, "name": "Public DNS Zone CNAME record", "description": "This module deploys a Public DNS Zone CNAME record.", @@ -993,8 +993,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8600790202870820366" + "version": "0.22.6.54827", + "templateHash": "9902709125102553327" } }, "parameters": { @@ -1200,8 +1200,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5673527444453988582" + "version": "0.22.6.54827", + "templateHash": "139457689749453308" }, "name": "Public DNS Zone CAA record", "description": "This module deploys a Public DNS Zone CAA record.", @@ -1315,8 +1315,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15901517837296662514" + "version": "0.22.6.54827", + "templateHash": "9470565833545804306" } }, "parameters": { @@ -1522,8 +1522,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12122627275966612771" + "version": "0.22.6.54827", + "templateHash": "17935109453553054168" }, "name": "Public DNS Zone MX record", "description": "This module deploys a Public DNS Zone MX record.", @@ -1637,8 +1637,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12990053881217536027" + "version": "0.22.6.54827", + "templateHash": "3617371994879925017" } }, "parameters": { 
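Review bot: the regenerated parameter sections in modules/network/dns-zone/aaaa/README.md and modules/network/dns-zone/cname/README.md carry over description text that does not match the modules' own parameters. `aaaaRecords` and `cnameRecord` say they cannot be combined with the "targetResource" property while the parameter is named `targetResourceId`, and `targetResourceId` says it cannot be combined with "aRecords" in modules that expose `aaaaRecords` or `cnameRecord` instead. "conjuction" is also misspelled in each of these descriptions. Since the ReadMe content is generated from the template, correct the parameter descriptions in the module template and rerun the utility rather than editing the README files.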
@@ -1844,8 +1844,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1252842746264260293" + "version": "0.22.6.54827", + "templateHash": "5114862259619051357" }, "name": "Public DNS Zone NS record", "description": "This module deploys a Public DNS Zone NS record.", @@ -1959,8 +1959,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4203054026416577590" + "version": "0.22.6.54827", + "templateHash": "14367633254025428198" } }, "parameters": { @@ -2166,8 +2166,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8254188493299686045" + "version": "0.22.6.54827", + "templateHash": "10998530599333888745" }, "name": "Public DNS Zone PTR record", "description": "This module deploys a Public DNS Zone PTR record.", @@ -2281,8 +2281,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3382234855470984930" + "version": "0.22.6.54827", + "templateHash": "17983831737512612600" } }, "parameters": { @@ -2488,8 +2488,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9958980921150733070" + "version": "0.22.6.54827", + "templateHash": "10118634861239112279" }, "name": "Public DNS Zone SOA record", "description": "This module deploys a Public DNS Zone SOA record.", @@ -2603,8 +2603,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10962387383395206364" + "version": "0.22.6.54827", + "templateHash": "7383644209973085042" } }, "parameters": { @@ -2810,8 +2810,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11054274383314435498" + "version": "0.22.6.54827", + "templateHash": "17870818057963659035" }, "name": "Public DNS Zone SRV record", "description": "This module deploys a Public DNS Zone SRV record.", 
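Review bot: in the new `### Parameter: dnsZoneName` sections of the record-type READMEs (aaaa, caa, cname, mx, ns, ptr), the parameter is listed in the **Conditional parameters** table yet rendered as "- Required: Yes", which contradicts its own description ("Required if the template is used in a standalone deployment"). Suggest the generator emit a distinct value for conditional parameters, for example "Required: Conditional", so the per-parameter section agrees with the table it is linked from.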
@@ -2925,8 +2925,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17186909847958573798" + "version": "0.22.6.54827", + "templateHash": "1743157605226588693" } }, "parameters": { @@ -3132,8 +3132,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4896316740645265762" + "version": "0.22.6.54827", + "templateHash": "13941492299186927650" }, "name": "Public DNS Zone TXT record", "description": "This module deploys a Public DNS Zone TXT record.", @@ -3247,8 +3247,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2655826582817627242" + "version": "0.22.6.54827", + "templateHash": "7288997439030042721" } }, "parameters": { @@ -3454,8 +3454,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14647311365948094297" + "version": "0.22.6.54827", + "templateHash": "10745925950629635011" } }, "parameters": { diff --git a/modules/network/dns-zone/mx/README.md b/modules/network/dns-zone/mx/README.md index e6b6a99d5a..2404e76d3a 100644 --- a/modules/network/dns-zone/mx/README.md +++ b/modules/network/dns-zone/mx/README.md 
@@ -20,30 +20,77 @@ This module deploys a Public DNS Zone MX record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the MX record. | +| [`name`](#parameter-name) | string | The name of the MX record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dnsZoneName` | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | +| [`dnsZoneName`](#parameter-dnszonename) | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `mxRecords` | array | `[]` | The list of MX records in the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. | +| [`mxRecords`](#parameter-mxrecords) | array | The list of MX records in the record set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `dnsZoneName` + +The name of the parent DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `mxRecords` + +The list of MX records in the record set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The name of the MX record. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. +- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed MX record. 
| | `resourceGroupName` | string | The resource group of the deployed MX record. | diff --git a/modules/network/dns-zone/mx/main.json b/modules/network/dns-zone/mx/main.json index 8b13e14708..1c740cd6dc 100644 --- a/modules/network/dns-zone/mx/main.json +++ b/modules/network/dns-zone/mx/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14301321817801341159" + "version": "0.22.6.54827", + "templateHash": "17935109453553054168" }, "name": "Public DNS Zone MX record", "description": "This module deploys a Public DNS Zone MX record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9536077061979113211" + "version": "0.22.6.54827", + "templateHash": "3617371994879925017" } }, "parameters": { diff --git a/modules/network/dns-zone/ns/README.md b/modules/network/dns-zone/ns/README.md index 411d63a495..f95a252125 100644 --- a/modules/network/dns-zone/ns/README.md +++ b/modules/network/dns-zone/ns/README.md 
@@ -20,30 +20,77 @@ This module deploys a Public DNS Zone NS record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the NS record. | +| [`name`](#parameter-name) | string | The name of the NS record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dnsZoneName` | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | +| [`dnsZoneName`](#parameter-dnszonename) | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `nsRecords` | array | `[]` | The list of NS records in the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. | +| [`nsRecords`](#parameter-nsrecords) | array | The list of NS records in the record set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `dnsZoneName` + +The name of the parent DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the NS record. +- Required: Yes +- Type: string + +### Parameter: `nsRecords` + +The list of NS records in the record set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. +- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed NS record. 
| | `resourceGroupName` | string | The resource group of the deployed NS record. | diff --git a/modules/network/dns-zone/ns/main.json b/modules/network/dns-zone/ns/main.json index 39cbd138f6..0324b74495 100644 --- a/modules/network/dns-zone/ns/main.json +++ b/modules/network/dns-zone/ns/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13879924638868874443" + "version": "0.22.6.54827", + "templateHash": "5114862259619051357" }, "name": "Public DNS Zone NS record", "description": "This module deploys a Public DNS Zone NS record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2717382131813837654" + "version": "0.22.6.54827", + "templateHash": "14367633254025428198" } }, "parameters": { diff --git a/modules/network/dns-zone/ptr/README.md b/modules/network/dns-zone/ptr/README.md index caf2ea722a..04db682bb4 100644 --- a/modules/network/dns-zone/ptr/README.md +++ b/modules/network/dns-zone/ptr/README.md 
@@ -20,30 +20,77 @@ This module deploys a Public DNS Zone PTR record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the PTR record. | +| [`name`](#parameter-name) | string | The name of the PTR record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dnsZoneName` | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | +| [`dnsZoneName`](#parameter-dnszonename) | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `ptrRecords` | array | `[]` | The list of PTR records in the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. | +| [`ptrRecords`](#parameter-ptrrecords) | array | The list of PTR records in the record set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `dnsZoneName` + +The name of the parent DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the PTR record. +- Required: Yes +- Type: string + +### Parameter: `ptrRecords` + +The list of PTR records in the record set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. +- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed PTR record. 
| | `resourceGroupName` | string | The resource group of the deployed PTR record. | diff --git a/modules/network/dns-zone/ptr/main.json b/modules/network/dns-zone/ptr/main.json index 8e886f5e90..d596d246fc 100644 --- a/modules/network/dns-zone/ptr/main.json +++ b/modules/network/dns-zone/ptr/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14950916556855362521" + "version": "0.22.6.54827", + "templateHash": "10998530599333888745" }, "name": "Public DNS Zone PTR record", "description": "This module deploys a Public DNS Zone PTR record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14048540340305231771" + "version": "0.22.6.54827", + "templateHash": "17983831737512612600" } }, "parameters": { diff --git a/modules/network/dns-zone/soa/README.md b/modules/network/dns-zone/soa/README.md index 83c0fa4654..ec6efc70ec 100644 --- a/modules/network/dns-zone/soa/README.md +++ b/modules/network/dns-zone/soa/README.md 
@@ -20,30 +20,77 @@ This module deploys a Public DNS Zone SOA record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the SOA record. | +| [`name`](#parameter-name) | string | The name of the SOA record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dnsZoneName` | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | +| [`dnsZoneName`](#parameter-dnszonename) | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `soaRecord` | object | `{object}` | A SOA record. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`soaRecord`](#parameter-soarecord) | object | A SOA record. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `dnsZoneName` + +The name of the parent DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the SOA record. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `soaRecord` + +A SOA record. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. 
+- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed SOA record. | | `resourceGroupName` | string | The resource group of the deployed SOA record. | diff --git a/modules/network/dns-zone/soa/main.json b/modules/network/dns-zone/soa/main.json index 69744041ff..17ba5d7803 100644 --- a/modules/network/dns-zone/soa/main.json +++ b/modules/network/dns-zone/soa/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15092776661272728734" + "version": "0.22.6.54827", + "templateHash": "10118634861239112279" }, "name": "Public DNS Zone SOA record", "description": "This module deploys a Public DNS Zone SOA record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17247816691852004236" + "version": "0.22.6.54827", + "templateHash": "7383644209973085042" } }, "parameters": { diff --git a/modules/network/dns-zone/srv/README.md b/modules/network/dns-zone/srv/README.md index fb1f8c35f6..8947cd2a5f 100644 --- a/modules/network/dns-zone/srv/README.md +++ b/modules/network/dns-zone/srv/README.md 
@@ -20,30 +20,77 @@ This module deploys a Public DNS Zone SRV record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the SRV record. | +| [`name`](#parameter-name) | string | The name of the SRV record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dnsZoneName` | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | +| [`dnsZoneName`](#parameter-dnszonename) | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `srvRecords` | array | `[]` | The list of SRV records in the record set. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`srvRecords`](#parameter-srvrecords) | array | The list of SRV records in the record set. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `dnsZoneName` + +The name of the parent DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the SRV record. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `srvRecords` + +The list of SRV records in the record set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. 
+- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed SRV record. | | `resourceGroupName` | string | The resource group of the deployed SRV record. | diff --git a/modules/network/dns-zone/srv/main.json b/modules/network/dns-zone/srv/main.json index 6e3933b6ad..d0c3e30324 100644 --- a/modules/network/dns-zone/srv/main.json +++ b/modules/network/dns-zone/srv/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2772370204362718864" + "version": "0.22.6.54827", + "templateHash": "17870818057963659035" }, "name": "Public DNS Zone SRV record", "description": "This module deploys a Public DNS Zone SRV record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13880457002928639304" + "version": "0.22.6.54827", + "templateHash": "1743157605226588693" } }, "parameters": { diff --git a/modules/network/dns-zone/txt/README.md b/modules/network/dns-zone/txt/README.md index 9db5f6f73e..54111ce95e 100644 --- a/modules/network/dns-zone/txt/README.md +++ b/modules/network/dns-zone/txt/README.md 
@@ -20,30 +20,77 @@ This module deploys a Public DNS Zone TXT record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the TXT record. | +| [`name`](#parameter-name) | string | The name of the TXT record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dnsZoneName` | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | +| [`dnsZoneName`](#parameter-dnszonename) | string | The name of the parent DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | -| `txtRecords` | array | `[]` | The list of TXT records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +| [`txtRecords`](#parameter-txtrecords) | array | The list of TXT records in the record set. | + +### Parameter: `dnsZoneName` + +The name of the parent DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the TXT record. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. +- Required: No +- Type: int +- Default: `3600` + +### Parameter: `txtRecords` + +The list of TXT records in the record set. 
+- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed TXT record. | | `resourceGroupName` | string | The resource group of the deployed TXT record. | diff --git a/modules/network/dns-zone/txt/main.json b/modules/network/dns-zone/txt/main.json index 3cc94f1b0e..d6a56e6411 100644 --- a/modules/network/dns-zone/txt/main.json +++ b/modules/network/dns-zone/txt/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16370550186541929198" + "version": "0.22.6.54827", + "templateHash": "13941492299186927650" }, "name": "Public DNS Zone TXT record", "description": "This module deploys a Public DNS Zone TXT record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17843024796725206765" + "version": "0.22.6.54827", + "templateHash": "7288997439030042721" } }, "parameters": { diff --git a/modules/network/express-route-circuit/.test/common/main.test.bicep b/modules/network/express-route-circuit/.test/common/main.test.bicep index 054fed2490..58ce2762f0 100644 --- a/modules/network/express-route-circuit/.test/common/main.test.bicep +++ b/modules/network/express-route-circuit/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/express-route-circuit/.test/min/main.test.bicep b/modules/network/express-route-circuit/.test/min/main.test.bicep index 10ba226791..9023c41dfe 100644 --- a/modules/network/express-route-circuit/.test/min/main.test.bicep +++ b/modules/network/express-route-circuit/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/express-route-circuit/README.md b/modules/network/express-route-circuit/README.md index 679f0b7aa6..3acc1d2f3c 100644 --- a/modules/network/express-route-circuit/README.md +++ b/modules/network/express-route-circuit/README.md @@ -4,13 +4,13 @@ This module deploys an Express Route Circuit. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
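Review bot: In the navigation hunk of `modules/network/express-route-circuit/README.md`, the heading becomes `## Resource Types` (title case) while the neighbouring entries stay in sentence case (`Usage examples`, `Cross-referenced modules`). Pick one convention in the generator so the headings and the anchors that point at them are consistent across every regenerated README.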
@@ -19,77 +19,28 @@ This module deploys an Express Route Circuit. | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/expressRouteCircuits` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/expressRouteCircuits) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `bandwidthInMbps` | int | This is the bandwidth in Mbps of the circuit being created. It must exactly match one of the available bandwidth offers List ExpressRoute Service Providers API call. | -| `name` | string | This is the name of the ExpressRoute circuit. | -| `peeringLocation` | string | This is the name of the peering location and not the ARM resource location. It must exactly match one of the available peering locations from List ExpressRoute Service Providers API call. | -| `serviceProviderName` | string | This is the name of the ExpressRoute Service Provider. It must exactly match one of the Service Providers from List ExpressRoute Service Providers API call. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowClassicOperations` | bool | `False` | | Allow classic operations. You can connect to virtual networks in the classic deployment model by setting allowClassicOperations to true. | -| `bandwidthInGbps` | int | `0` | | The bandwidth of the circuit when the circuit is provisioned on an ExpressRoutePort resource. Available when configuring Express Route Direct. Default value of 0 will set the property to null. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, PeeringRouteLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `expressRoutePortResourceId` | string | `''` | | The reference to the ExpressRoutePort resource when the circuit is provisioned on an ExpressRoutePort resource. Available when configuring Express Route Direct. | -| `globalReachEnabled` | bool | `False` | | Flag denoting global reach status. To enable ExpressRoute Global Reach between different geopolitical regions, your circuits must be Premium SKU. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `peerASN` | int | `0` | | The autonomous system number of the customer/connectivity provider. | -| `peering` | bool | `False` | | Enabled BGP peering type for the Circuit. | -| `peeringType` | string | `'AzurePrivatePeering'` | `[AzurePrivatePeering, MicrosoftPeering]` | BGP peering type for the Circuit. Choose from AzurePrivatePeering, AzurePublicPeering or MicrosoftPeering. 
| -| `primaryPeerAddressPrefix` | string | `''` | | A /30 subnet used to configure IP addresses for interfaces on Link1. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `secondaryPeerAddressPrefix` | string | `''` | | A /30 subnet used to configure IP addresses for interfaces on Link2. | -| `sharedKey` | string | `''` | | The shared key for peering configuration. Router does MD5 hash comparison to validate the packets sent by BGP connection. This parameter is optional and can be removed from peering configuration if not required. | -| `skuFamily` | string | `'MeteredData'` | `[MeteredData, UnlimitedData]` | Chosen SKU family of ExpressRoute circuit. Choose from MeteredData or UnlimitedData SKU families. | -| `skuTier` | string | `'Standard'` | `[Local, Premium, Standard]` | Chosen SKU Tier of ExpressRoute circuit. Choose from Local, Premium or Standard SKU tiers. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `vlanId` | int | `0` | | Specifies the identifier that is used to identify the customer. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of express route curcuit. | -| `resourceGroupName` | string | The resource group the express route curcuit was deployed into. | -| `resourceId` | string | The resource ID of express route curcuit. | -| `serviceKey` | string | The service key of the express route circuit. 
| +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.express-route-circuit:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module expressRouteCircuit './network/express-route-circuit/main.bicep' = { +module expressRouteCircuit 'br:bicep/modules/network.express-route-circuit:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nerccom' params: { // Required parameters @@ -203,14 +154,17 @@ module expressRouteCircuit './network/express-route-circuit/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module expressRouteCircuit './network/express-route-circuit/main.bicep' = { +module expressRouteCircuit 'br:bicep/modules/network.express-route-circuit:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nercmin' params: { // Required parameters @@ -259,3 +213,265 @@ module expressRouteCircuit './network/express-route-circuit/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`bandwidthInMbps`](#parameter-bandwidthinmbps) | int | This is the bandwidth in Mbps of the circuit being created. It must exactly match one of the available bandwidth offers List ExpressRoute Service Providers API call. | +| [`name`](#parameter-name) | string | This is the name of the ExpressRoute circuit. | +| [`peeringLocation`](#parameter-peeringlocation) | string | This is the name of the peering location and not the ARM resource location. It must exactly match one of the available peering locations from List ExpressRoute Service Providers API call. | +| [`serviceProviderName`](#parameter-serviceprovidername) | string | This is the name of the ExpressRoute Service Provider. It must exactly match one of the Service Providers from List ExpressRoute Service Providers API call. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowClassicOperations`](#parameter-allowclassicoperations) | bool | Allow classic operations. You can connect to virtual networks in the classic deployment model by setting allowClassicOperations to true. | +| [`bandwidthInGbps`](#parameter-bandwidthingbps) | int | The bandwidth of the circuit when the circuit is provisioned on an ExpressRoutePort resource. Available when configuring Express Route Direct. Default value of 0 will set the property to null. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`expressRoutePortResourceId`](#parameter-expressrouteportresourceid) | string | The reference to the ExpressRoutePort resource when the circuit is provisioned on an ExpressRoutePort resource. Available when configuring Express Route Direct. | +| [`globalReachEnabled`](#parameter-globalreachenabled) | bool | Flag denoting global reach status. To enable ExpressRoute Global Reach between different geopolitical regions, your circuits must be Premium SKU. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`peerASN`](#parameter-peerasn) | int | The autonomous system number of the customer/connectivity provider. | +| [`peering`](#parameter-peering) | bool | Enabled BGP peering type for the Circuit. | +| [`peeringType`](#parameter-peeringtype) | string | BGP peering type for the Circuit. Choose from AzurePrivatePeering, AzurePublicPeering or MicrosoftPeering. 
| +| [`primaryPeerAddressPrefix`](#parameter-primarypeeraddressprefix) | string | A /30 subnet used to configure IP addresses for interfaces on Link1. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`secondaryPeerAddressPrefix`](#parameter-secondarypeeraddressprefix) | string | A /30 subnet used to configure IP addresses for interfaces on Link2. | +| [`sharedKey`](#parameter-sharedkey) | string | The shared key for peering configuration. Router does MD5 hash comparison to validate the packets sent by BGP connection. This parameter is optional and can be removed from peering configuration if not required. | +| [`skuFamily`](#parameter-skufamily) | string | Chosen SKU family of ExpressRoute circuit. Choose from MeteredData or UnlimitedData SKU families. | +| [`skuTier`](#parameter-skutier) | string | Chosen SKU Tier of ExpressRoute circuit. Choose from Local, Premium or Standard SKU tiers. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`vlanId`](#parameter-vlanid) | int | Specifies the identifier that is used to identify the customer. | + +### Parameter: `allowClassicOperations` + +Allow classic operations. You can connect to virtual networks in the classic deployment model by setting allowClassicOperations to true. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `bandwidthInGbps` + +The bandwidth of the circuit when the circuit is provisioned on an ExpressRoutePort resource. Available when configuring Express Route Direct. Default value of 0 will set the property to null. 
+- Required: No +- Type: int +- Default: `0` + +### Parameter: `bandwidthInMbps` + +This is the bandwidth in Mbps of the circuit being created. It must exactly match one of the available bandwidth offers List ExpressRoute Service Providers API call. +- Required: Yes +- Type: int + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, PeeringRouteLog]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `expressRoutePortResourceId` + +The reference to the ExpressRoutePort resource when the circuit is provisioned on an ExpressRoutePort resource. Available when configuring Express Route Direct. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `globalReachEnabled` + +Flag denoting global reach status. To enable ExpressRoute Global Reach between different geopolitical regions, your circuits must be Premium SKU. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +This is the name of the ExpressRoute circuit. +- Required: Yes +- Type: string + +### Parameter: `peerASN` + +The autonomous system number of the customer/connectivity provider. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `peering` + +Enabled BGP peering type for the Circuit. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `peeringLocation` + +This is the name of the peering location and not the ARM resource location. It must exactly match one of the available peering locations from List ExpressRoute Service Providers API call. +- Required: Yes +- Type: string + +### Parameter: `peeringType` + +BGP peering type for the Circuit. Choose from AzurePrivatePeering, AzurePublicPeering or MicrosoftPeering. +- Required: No +- Type: string +- Default: `'AzurePrivatePeering'` +- Allowed: `[AzurePrivatePeering, MicrosoftPeering]` + +### Parameter: `primaryPeerAddressPrefix` + +A /30 subnet used to configure IP addresses for interfaces on Link1. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `secondaryPeerAddressPrefix` + +A /30 subnet used to configure IP addresses for interfaces on Link2. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serviceProviderName` + +This is the name of the ExpressRoute Service Provider. It must exactly match one of the Service Providers from List ExpressRoute Service Providers API call. +- Required: Yes +- Type: string + +### Parameter: `sharedKey` + +The shared key for peering configuration. Router does MD5 hash comparison to validate the packets sent by BGP connection. This parameter is optional and can be removed from peering configuration if not required. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `skuFamily` + +Chosen SKU family of ExpressRoute circuit. Choose from MeteredData or UnlimitedData SKU families. +- Required: No +- Type: string +- Default: `'MeteredData'` +- Allowed: `[MeteredData, UnlimitedData]` + +### Parameter: `skuTier` + +Chosen SKU Tier of ExpressRoute circuit. Choose from Local, Premium or Standard SKU tiers. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Local, Premium, Standard]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vlanId` + +Specifies the identifier that is used to identify the customer. 
+- Required: No +- Type: int +- Default: `0` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of express route curcuit. | +| `resourceGroupName` | string | The resource group the express route curcuit was deployed into. | +| `resourceId` | string | The resource ID of express route curcuit. | +| `serviceKey` | string | The service key of the express route circuit. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/express-route-circuit/main.json b/modules/network/express-route-circuit/main.json index 7ee4c7678d..74d56855cd 100644 --- a/modules/network/express-route-circuit/main.json +++ b/modules/network/express-route-circuit/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6824996198660601155" + "version": "0.22.6.54827", + "templateHash": "15387700502783731966" }, "name": "ExpressRoute Circuits", "description": "This module deploys an Express Route Circuit.", @@ -382,8 +382,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1993477429002621283" + "version": "0.22.6.54827", + "templateHash": "14124226202821764051" } }, "parameters": { diff --git a/modules/network/express-route-gateway/.test/common/main.test.bicep b/modules/network/express-route-gateway/.test/common/main.test.bicep index 264ba8ba7e..9dd58dbbe3 100644 --- a/modules/network/express-route-gateway/.test/common/main.test.bicep +++ b/modules/network/express-route-gateway/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // 
diff --git a/modules/network/express-route-gateway/.test/min/main.test.bicep b/modules/network/express-route-gateway/.test/min/main.test.bicep index ec61027df0..b410608160 100644 --- a/modules/network/express-route-gateway/.test/min/main.test.bicep +++ b/modules/network/express-route-gateway/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/express-route-gateway/README.md b/modules/network/express-route-gateway/README.md index f7160b91ba..8221723ccf 100644 --- a/modules/network/express-route-gateway/README.md +++ b/modules/network/express-route-gateway/README.md @@ -5,10 +5,10 @@ This module deploys an Express Route Gateway. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,58 +18,28 @@ This module deploys an Express Route Gateway. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/expressRouteGateways` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/expressRouteGateways) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Express Route Gateway. | -| `virtualHubId` | string | Resource ID of the Virtual Wan Hub. | - -**Optional parameters** +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowNonVirtualWanTraffic` | bool | `False` | | Configures this gateway to accept traffic from non Virtual WAN networks. | -| `autoScaleConfigurationBoundsMax` | int | `2` | | Maximum number of scale units deployed for ExpressRoute gateway. | -| `autoScaleConfigurationBoundsMin` | int | `2` | | Minimum number of scale units deployed for ExpressRoute gateway. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `expressRouteConnections` | array | `[]` | | List of ExpressRoute connections to the ExpressRoute gateway. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. 
| -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the Firewall policy resource. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.express-route-gateway:1.0.0`. +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the ExpressRoute Gateway. | -| `resourceGroupName` | string | The resource group of the ExpressRoute Gateway was deployed into. | -| `resourceId` | string | The resource ID of the ExpressRoute Gateway. | - -## Cross-referenced modules - -_None_ - -## Deployment examples +### Example 1: _Using large parameter set_ -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +This instance deploys the module with most of its features enabled. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module expressRouteGateway './network/express-route-gateway/main.bicep' = { +module expressRouteGateway 'br:bicep/modules/network.express-route-gateway:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nergcom' params: { // Required parameters @@ -153,14 +123,17 @@ module expressRouteGateway './network/express-route-gateway/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module expressRouteGateway './network/express-route-gateway/main.bicep' = { +module expressRouteGateway 'br:bicep/modules/network.express-route-gateway:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nergmin' params: { // Required parameters @@ -201,3 +174,117 @@ module expressRouteGateway './network/express-route-gateway/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Express Route Gateway. | +| [`virtualHubId`](#parameter-virtualhubid) | string | Resource ID of the Virtual Wan Hub. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowNonVirtualWanTraffic`](#parameter-allownonvirtualwantraffic) | bool | Configures this gateway to accept traffic from non Virtual WAN networks. | +| [`autoScaleConfigurationBoundsMax`](#parameter-autoscaleconfigurationboundsmax) | int | Maximum number of scale units deployed for ExpressRoute gateway. | +| [`autoScaleConfigurationBoundsMin`](#parameter-autoscaleconfigurationboundsmin) | int | Minimum number of scale units deployed for ExpressRoute gateway. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`expressRouteConnections`](#parameter-expressrouteconnections) | array | List of ExpressRoute connections to the ExpressRoute gateway. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the Firewall policy resource. | + +### Parameter: `allowNonVirtualWanTraffic` + +Configures this gateway to accept traffic from non Virtual WAN networks. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `autoScaleConfigurationBoundsMax` + +Maximum number of scale units deployed for ExpressRoute gateway. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `autoScaleConfigurationBoundsMin` + +Minimum number of scale units deployed for ExpressRoute gateway. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `expressRouteConnections` + +List of ExpressRoute connections to the ExpressRoute gateway. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Express Route Gateway. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the Firewall policy resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualHubId` + +Resource ID of the Virtual Wan Hub. +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the ExpressRoute Gateway. 
| +| `resourceGroupName` | string | The resource group of the ExpressRoute Gateway was deployed into. | +| `resourceId` | string | The resource ID of the ExpressRoute Gateway. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/express-route-gateway/main.json b/modules/network/express-route-gateway/main.json index 3431a0aef3..084701ac54 100644 --- a/modules/network/express-route-gateway/main.json +++ b/modules/network/express-route-gateway/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4204996721387656228" + "version": "0.22.6.54827", + "templateHash": "8092497363245159180" }, "name": "Express Route Gateways", "description": "This module deploys an Express Route Gateway.", @@ -176,8 +176,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13068351482866901446" + "version": "0.22.6.54827", + "templateHash": "10999249246469924012" } }, "parameters": { diff --git a/modules/network/firewall-policy/.test/common/main.test.bicep b/modules/network/firewall-policy/.test/common/main.test.bicep index bf8c202a14..b0f3e73de8 100644 --- a/modules/network/firewall-policy/.test/common/main.test.bicep +++ b/modules/network/firewall-policy/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/firewall-policy/.test/min/main.test.bicep b/modules/network/firewall-policy/.test/min/main.test.bicep index bd06e9e9f4..2efbeaeead 100644 --- a/modules/network/firewall-policy/.test/min/main.test.bicep +++ b/modules/network/firewall-policy/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/firewall-policy/README.md b/modules/network/firewall-policy/README.md index 28a24d3072..6c127c21e5 100644 --- a/modules/network/firewall-policy/README.md +++ b/modules/network/firewall-policy/README.md @@ -5,10 +5,10 @@ This module deploys a Firewall Policy. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -17,72 +17,28 @@ This module deploys a Firewall Policy. | `Microsoft.Network/firewallPolicies` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/firewallPolicies) | | `Microsoft.Network/firewallPolicies/ruleCollectionGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/firewallPolicies/ruleCollectionGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Firewall Policy. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowSqlRedirect` | bool | `False` | | A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999. | -| `autoLearnPrivateRanges` | string | `'Disabled'` | `[Disabled, Enabled]` | The operation mode for automatically learning private ranges to not be SNAT. | -| `basePolicyResourceId` | string | `''` | | Resource ID of the base policy. | -| `bypassTrafficSettings` | array | `[]` | | List of rules for traffic to bypass. | -| `certificateName` | string | `''` | | Name of the CA certificate. | -| `defaultWorkspaceId` | string | `''` | | Default Log Analytics Resource ID for Firewall Policy Insights. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableProxy` | bool | `False` | | Enable DNS Proxy on Firewalls attached to the Firewall Policy. | -| `fqdns` | array | `[]` | | List of FQDNs for the ThreatIntel Allowlist. | -| `insightsIsEnabled` | bool | `False` | | A flag to indicate if the insights are enabled on the policy. | -| `ipAddresses` | array | `[]` | | List of IP addresses for the ThreatIntel Allowlist. | -| `keyVaultSecretId` | string | `''` | | Secret ID of (base-64 encoded unencrypted PFX) Secret or Certificate object stored in KeyVault. 
| -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `mode` | string | `'Off'` | `[Alert, Deny, Off]` | The configuring of intrusion detection. | -| `privateRanges` | array | `[]` | | List of private IP addresses/IP address ranges to not be SNAT. | -| `retentionDays` | int | `365` | | Number of days the insights should be enabled on the policy. | -| `ruleCollectionGroups` | array | `[]` | | Rule collection groups. | -| `servers` | array | `[]` | | List of Custom DNS Servers. | -| `signatureOverrides` | array | `[]` | | List of specific signatures states. | -| `tags` | object | `{object}` | | Tags of the Firewall policy resource. | -| `threatIntelMode` | string | `'Off'` | `[Alert, Deny, Off]` | The operation mode for Threat Intel. | -| `tier` | string | `'Standard'` | `[Premium, Standard]` | Tier of Firewall Policy. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `workspaces` | array | `[]` | | List of workspaces for Firewall Policy Insights. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed firewall policy. | -| `resourceGroupName` | string | The resource group of the deployed firewall policy. | -| `resourceId` | string | The resource ID of the deployed firewall policy. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.firewall-policy:1.0.0`. 
-## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module firewallPolicy './network/firewall-policy/main.bicep' = { +module firewallPolicy 'br:bicep/modules/network.firewall-policy:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nfpcom' params: { // Required parameters @@ -218,14 +174,17 @@ module firewallPolicy './network/firewall-policy/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module firewallPolicy './network/firewall-policy/main.bicep' = { +module firewallPolicy 'br:bicep/modules/network.firewall-policy:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nfpmin' params: { // Required parameters @@ -262,3 +221,233 @@ module firewallPolicy './network/firewall-policy/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Firewall Policy. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowSqlRedirect`](#parameter-allowsqlredirect) | bool | A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999. | +| [`autoLearnPrivateRanges`](#parameter-autolearnprivateranges) | string | The operation mode for automatically learning private ranges to not be SNAT. | +| [`basePolicyResourceId`](#parameter-basepolicyresourceid) | string | Resource ID of the base policy. | +| [`bypassTrafficSettings`](#parameter-bypasstrafficsettings) | array | List of rules for traffic to bypass. | +| [`certificateName`](#parameter-certificatename) | string | Name of the CA certificate. | +| [`defaultWorkspaceId`](#parameter-defaultworkspaceid) | string | Default Log Analytics Resource ID for Firewall Policy Insights. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableProxy`](#parameter-enableproxy) | bool | Enable DNS Proxy on Firewalls attached to the Firewall Policy. | +| [`fqdns`](#parameter-fqdns) | array | List of FQDNs for the ThreatIntel Allowlist. | +| [`insightsIsEnabled`](#parameter-insightsisenabled) | bool | A flag to indicate if the insights are enabled on the policy. | +| [`ipAddresses`](#parameter-ipaddresses) | array | List of IP addresses for the ThreatIntel Allowlist. | +| [`keyVaultSecretId`](#parameter-keyvaultsecretid) | string | Secret ID of (base-64 encoded unencrypted PFX) Secret or Certificate object stored in KeyVault. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`mode`](#parameter-mode) | string | The configuring of intrusion detection. 
| +| [`privateRanges`](#parameter-privateranges) | array | List of private IP addresses/IP address ranges to not be SNAT. | +| [`retentionDays`](#parameter-retentiondays) | int | Number of days the insights should be enabled on the policy. | +| [`ruleCollectionGroups`](#parameter-rulecollectiongroups) | array | Rule collection groups. | +| [`servers`](#parameter-servers) | array | List of Custom DNS Servers. | +| [`signatureOverrides`](#parameter-signatureoverrides) | array | List of specific signatures states. | +| [`tags`](#parameter-tags) | object | Tags of the Firewall policy resource. | +| [`threatIntelMode`](#parameter-threatintelmode) | string | The operation mode for Threat Intel. | +| [`tier`](#parameter-tier) | string | Tier of Firewall Policy. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`workspaces`](#parameter-workspaces) | array | List of workspaces for Firewall Policy Insights. | + +### Parameter: `allowSqlRedirect` + +A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `autoLearnPrivateRanges` + +The operation mode for automatically learning private ranges to not be SNAT. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `basePolicyResourceId` + +Resource ID of the base policy. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `bypassTrafficSettings` + +List of rules for traffic to bypass. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `certificateName` + +Name of the CA certificate. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `defaultWorkspaceId` + +Default Log Analytics Resource ID for Firewall Policy Insights. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableProxy` + +Enable DNS Proxy on Firewalls attached to the Firewall Policy. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `fqdns` + +List of FQDNs for the ThreatIntel Allowlist. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `insightsIsEnabled` + +A flag to indicate if the insights are enabled on the policy. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `ipAddresses` + +List of IP addresses for the ThreatIntel Allowlist. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `keyVaultSecretId` + +Secret ID of (base-64 encoded unencrypted PFX) Secret or Certificate object stored in KeyVault. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `mode` + +The configuring of intrusion detection. +- Required: No +- Type: string +- Default: `'Off'` +- Allowed: `[Alert, Deny, Off]` + +### Parameter: `name` + +Name of the Firewall Policy. +- Required: Yes +- Type: string + +### Parameter: `privateRanges` + +List of private IP addresses/IP address ranges to not be SNAT. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `retentionDays` + +Number of days the insights should be enabled on the policy. +- Required: No +- Type: int +- Default: `365` + +### Parameter: `ruleCollectionGroups` + +Rule collection groups. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `servers` + +List of Custom DNS Servers. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `signatureOverrides` + +List of specific signatures states. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the Firewall policy resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `threatIntelMode` + +The operation mode for Threat Intel. +- Required: No +- Type: string +- Default: `'Off'` +- Allowed: `[Alert, Deny, Off]` + +### Parameter: `tier` + +Tier of Firewall Policy. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Premium, Standard]` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workspaces` + +List of workspaces for Firewall Policy Insights. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed firewall policy. | +| `resourceGroupName` | string | The resource group of the deployed firewall policy. | +| `resourceId` | string | The resource ID of the deployed firewall policy. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/firewall-policy/main.json b/modules/network/firewall-policy/main.json index 17bff00e52..466fff08d7 100644 --- a/modules/network/firewall-policy/main.json +++ b/modules/network/firewall-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6554136279481645026" + "version": "0.22.6.54827", + "templateHash": "18116522930721554549" }, "name": "Firewall Policies", "description": "This module deploys a Firewall Policy.", 
@@ -290,8 +290,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6780265410658307445" + "version": "0.22.6.54827", + "templateHash": "13617778659554817427" }, "name": "Firewall Policy Rule Collection Groups", "description": "This module deploys a Firewall Policy Rule Collection Group.", diff --git a/modules/network/firewall-policy/rule-collection-group/README.md b/modules/network/firewall-policy/rule-collection-group/README.md index 9be45dfd53..920f33ecd8 100644 --- a/modules/network/firewall-policy/rule-collection-group/README.md +++ b/modules/network/firewall-policy/rule-collection-group/README.md 
@@ -19,28 +19,60 @@ This module deploys a Firewall Policy Rule Collection Group. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the rule collection group to deploy. | -| `priority` | int | Priority of the Firewall Policy Rule Collection Group resource. | +| [`name`](#parameter-name) | string | The name of the rule collection group to deploy. | +| [`priority`](#parameter-priority) | int | Priority of the Firewall Policy Rule Collection Group resource. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `firewallPolicyName` | string | The name of the parent Firewall Policy. Required if the template is used in a standalone deployment. | +| [`firewallPolicyName`](#parameter-firewallpolicyname) | string | The name of the parent Firewall Policy. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ruleCollections` | array | `[]` | Group of Firewall Policy rule collections. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ruleCollections`](#parameter-rulecollections) | array | Group of Firewall Policy rule collections. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `firewallPolicyName` + +The name of the parent Firewall Policy. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the rule collection group to deploy. 
+- Required: Yes +- Type: string + +### Parameter: `priority` + +Priority of the Firewall Policy Rule Collection Group resource. +- Required: Yes +- Type: int + +### Parameter: `ruleCollections` + +Group of Firewall Policy rule collections. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed rule collection group. | | `resourceGroupName` | string | The resource group of the deployed rule collection group. | diff --git a/modules/network/firewall-policy/rule-collection-group/main.json b/modules/network/firewall-policy/rule-collection-group/main.json index f2abb4caf2..6c26a49d8a 100644 --- a/modules/network/firewall-policy/rule-collection-group/main.json +++ b/modules/network/firewall-policy/rule-collection-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12741470915279971248" + "version": "0.22.6.54827", + "templateHash": "13617778659554817427" }, "name": "Firewall Policy Rule Collection Groups", "description": "This module deploys a Firewall Policy Rule Collection Group.", diff --git a/modules/network/front-door-web-application-firewall-policy/.test/common/main.test.bicep b/modules/network/front-door-web-application-firewall-policy/.test/common/main.test.bicep index 838318de95..a971d68691 100644 --- a/modules/network/front-door-web-application-firewall-policy/.test/common/main.test.bicep +++ b/modules/network/front-door-web-application-firewall-policy/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // 
diff --git a/modules/network/front-door-web-application-firewall-policy/.test/min/main.test.bicep b/modules/network/front-door-web-application-firewall-policy/.test/min/main.test.bicep index 469b740344..e6dc94614a 100644 --- a/modules/network/front-door-web-application-firewall-policy/.test/min/main.test.bicep +++ b/modules/network/front-door-web-application-firewall-policy/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/front-door-web-application-firewall-policy/README.md b/modules/network/front-door-web-application-firewall-policy/README.md index 41570c94cd..8cf0e4a016 100644 --- a/modules/network/front-door-web-application-firewall-policy/README.md +++ b/modules/network/front-door-web-application-firewall-policy/README.md @@ -5,10 +5,10 @@ This module deploys a Front Door Web Application Firewall (WAF) Policy. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
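Review bot: the navigation list in this README hunk drops `[Deployment examples](#Deployment-examples)` and adds `[Usage examples](#Usage-examples)`, so any existing deep link to the old section fragment stops resolving. If the wiki or other docs link to it, call out the rename in the change notes. The new entry also keeps the mixed-case fragment style (`#Usage-examples`), while the links generated elsewhere in the same README are lowercase (`#example-1-using-large-parameter-set`, `#parameter-name`). Emitting lowercase fragments throughout would keep the generator's output consistent and safe for renderers that match fragments case-sensitively.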
@@ -18,57 +18,28 @@ This module deploys a Front Door Web Application Firewall (WAF) Policy. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/FrontDoorWebApplicationFirewallPolicies` | [2022-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-05-01/FrontDoorWebApplicationFirewallPolicies) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Front Door WAF policy. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `customRules` | object | `{object}` | | The custom rules inside the policy. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `'global'` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managedRules` | object | `{object}` | | Describes the managedRules structure. | -| `policySettings` | object | `{object}` | | The PolicySettings for policy. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Standard_AzureFrontDoor'` | `[Premium_AzureFrontDoor, Standard_AzureFrontDoor]` | The pricing tier of the WAF profile. | -| `tags` | object | `{object}` | | Resource tags. 
| +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Front Door WAF policy. | -| `resourceGroupName` | string | The resource group the Front Door WAF policy was deployed into. | -| `resourceId` | string | The resource ID of the Front Door WAF policy. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.front-door-web-application-firewall-policy:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module frontDoorWebApplicationFirewallPolicy './network/front-door-web-application-firewall-policy/main.bicep' = { +module frontDoorWebApplicationFirewallPolicy 'br:bicep/modules/network.front-door-web-application-firewall-policy:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nagwafpcom' params: { // Required parameters @@ -276,14 +247,17 @@ module frontDoorWebApplicationFirewallPolicy './network/front-door-web-applicati

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module frontDoorWebApplicationFirewallPolicy './network/front-door-web-application-firewall-policy/main.bicep' = { +module frontDoorWebApplicationFirewallPolicy 'br:bicep/modules/network.front-door-web-application-firewall-policy:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nagwafpmin' params: { // Required parameters @@ -320,3 +294,111 @@ module frontDoorWebApplicationFirewallPolicy './network/front-door-web-applicati

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Front Door WAF policy. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`customRules`](#parameter-customrules) | object | The custom rules inside the policy. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managedRules`](#parameter-managedrules) | object | Describes the managedRules structure. | +| [`policySettings`](#parameter-policysettings) | object | The PolicySettings for policy. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | The pricing tier of the WAF profile. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `customRules` + +The custom rules inside the policy. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `'global'` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managedRules` + +Describes the managedRules structure. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Name of the Front Door WAF policy. +- Required: Yes +- Type: string + +### Parameter: `policySettings` + +The PolicySettings for policy. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The pricing tier of the WAF profile. +- Required: No +- Type: string +- Default: `'Standard_AzureFrontDoor'` +- Allowed: `[Premium_AzureFrontDoor, Standard_AzureFrontDoor]` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Front Door WAF policy. | +| `resourceGroupName` | string | The resource group the Front Door WAF policy was deployed into. | +| `resourceId` | string | The resource ID of the Front Door WAF policy. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/front-door-web-application-firewall-policy/main.json b/modules/network/front-door-web-application-firewall-policy/main.json index 0d56d79ca8..a2dffd263e 100644 --- a/modules/network/front-door-web-application-firewall-policy/main.json +++ b/modules/network/front-door-web-application-firewall-policy/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3252423512239689635" + "version": "0.22.6.54827", + "templateHash": "9522616710967870505" }, "name": "Front Door Web Application Firewall (WAF) Policies", "description": "This module deploys a Front Door Web Application Firewall (WAF) Policy.", @@ -210,8 +210,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9019610193929502057" + "version": "0.22.6.54827", + "templateHash": "15230534892714027949" } }, "parameters": { diff --git a/modules/network/front-door/.test/common/main.test.bicep b/modules/network/front-door/.test/common/main.test.bicep index c8ce73be84..dfc4e2b726 100644 --- a/modules/network/front-door/.test/common/main.test.bicep +++ b/modules/network/front-door/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/front-door/.test/min/main.test.bicep b/modules/network/front-door/.test/min/main.test.bicep index 5cde0a04e4..d924dcbb25 100644 --- a/modules/network/front-door/.test/min/main.test.bicep +++ b/modules/network/front-door/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/front-door/README.md b/modules/network/front-door/README.md index 64e78ae5f3..f9b46052f3 100644 --- a/modules/network/front-door/README.md +++ b/modules/network/front-door/README.md 
@@ -5,10 +5,10 @@ This module deploys an Azure Front Door. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -19,67 +19,28 @@ This module deploys an Azure Front Door. | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/frontDoors` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-05-01/frontDoors) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `backendPools` | array | Backend address pool of the frontdoor resource. | -| `frontendEndpoints` | array | Frontend endpoints of the frontdoor resource. | -| `healthProbeSettings` | array | Heath probe settings of the frontdoor resource. | -| `loadBalancingSettings` | array | Load balancing settings of the frontdoor resource. | -| `name` | string | The name of the frontDoor. | -| `routingRules` | array | Routing rules settings of the frontdoor resource. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.front-door:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, FrontdoorAccessLog, FrontdoorWebApplicationFirewallLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enabledState` | string | `'Enabled'` | | State of the frontdoor resource. | -| `enforceCertificateNameCheck` | string | `'Disabled'` | | Enforce certificate name check of the frontdoor resource. | -| `friendlyName` | string | `''` | | Friendly name of the frontdoor resource. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sendRecvTimeoutSeconds` | int | `240` | | Certificate name check time of the frontdoor resource. | -| `tags` | object | `{object}` | | Resource tags. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the front door. | -| `resourceGroupName` | string | The resource group the front door was deployed into. | -| `resourceId` | string | The resource ID of the front door. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module frontDoor './network/front-door/main.bicep' = { +module frontDoor 'br:bicep/modules/network.front-door:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nfdcom' params: { // Required parameters @@ -345,14 +306,17 @@ module frontDoor './network/front-door/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module frontDoor './network/front-door/main.bicep' = { +module frontDoor 'br:bicep/modules/network.front-door:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nfdmin' params: { // Required parameters @@ -557,3 +521,194 @@ module frontDoor './network/front-door/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`backendPools`](#parameter-backendpools) | array | Backend address pool of the frontdoor resource. | +| [`frontendEndpoints`](#parameter-frontendendpoints) | array | Frontend endpoints of the frontdoor resource. | +| [`healthProbeSettings`](#parameter-healthprobesettings) | array | Heath probe settings of the frontdoor resource. | +| [`loadBalancingSettings`](#parameter-loadbalancingsettings) | array | Load balancing settings of the frontdoor resource. | +| [`name`](#parameter-name) | string | The name of the frontDoor. | +| [`routingRules`](#parameter-routingrules) | array | Routing rules settings of the frontdoor resource. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. 
| +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enabledState`](#parameter-enabledstate) | string | State of the frontdoor resource. | +| [`enforceCertificateNameCheck`](#parameter-enforcecertificatenamecheck) | string | Enforce certificate name check of the frontdoor resource. | +| [`friendlyName`](#parameter-friendlyname) | string | Friendly name of the frontdoor resource. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`metricsToEnable`](#parameter-metricstoenable) | array | The name of metrics that will be streamed. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sendRecvTimeoutSeconds`](#parameter-sendrecvtimeoutseconds) | int | Certificate name check time of the frontdoor resource. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `backendPools` + +Backend address pool of the frontdoor resource. +- Required: Yes +- Type: array + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, FrontdoorAccessLog, FrontdoorWebApplicationFirewallLog]` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enabledState` + +State of the frontdoor resource. +- Required: No +- Type: string +- Default: `'Enabled'` + +### Parameter: `enforceCertificateNameCheck` + +Enforce certificate name check of the frontdoor resource. +- Required: No +- Type: string +- Default: `'Disabled'` + +### Parameter: `friendlyName` + +Friendly name of the frontdoor resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `frontendEndpoints` + +Frontend endpoints of the frontdoor resource. 
+- Required: Yes +- Type: array + +### Parameter: `healthProbeSettings` + +Heath probe settings of the frontdoor resource. +- Required: Yes +- Type: array + +### Parameter: `loadBalancingSettings` + +Load balancing settings of the frontdoor resource. +- Required: Yes +- Type: array + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `metricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `name` + +The name of the frontDoor. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `routingRules` + +Routing rules settings of the frontdoor resource. +- Required: Yes +- Type: array + +### Parameter: `sendRecvTimeoutSeconds` + +Certificate name check time of the frontdoor resource. +- Required: No +- Type: int +- Default: `240` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the front door. | +| `resourceGroupName` | string | The resource group the front door was deployed into. | +| `resourceId` | string | The resource ID of the front door. | + +## Cross-referenced modules + +_None_ 
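Review bot: the new per-parameter section for `enforceCertificateNameCheck` lists `Default: 'Disabled'` under a description that only says "Enforce certificate name check of the frontdoor resource.", so a reader cannot tell which check is left off by default or when that is acceptable. Since the default is now shown on its own line, the description should say what is not verified when the value is `'Disabled'` and when to set `'Enabled'`. Two other descriptions carried into this hunk need fixing at the source: `healthProbeSettings` reads "Heath probe settings", and `sendRecvTimeoutSeconds` reads "Certificate name check time of the frontdoor resource.", which looks copied from a different parameter. The README is regenerated from the template, so correct the parameter descriptions there and rerun the generator rather than editing this file.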
diff --git a/modules/network/front-door/main.json b/modules/network/front-door/main.json index 6d8212300c..3722abf630 100644 --- a/modules/network/front-door/main.json +++ b/modules/network/front-door/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18085582863238637831" + "version": "0.22.6.54827", + "templateHash": "1800137372393005313" }, "name": "Azure Front Doors", "description": "This module deploys an Azure Front Door.", @@ -298,8 +298,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15530628531766056415" + "version": "0.22.6.54827", + "templateHash": "9337028153232884606" } }, "parameters": { diff --git a/modules/network/ip-group/.test/common/main.test.bicep b/modules/network/ip-group/.test/common/main.test.bicep index 3dad1a2400..61476fd930 100644 --- a/modules/network/ip-group/.test/common/main.test.bicep +++ b/modules/network/ip-group/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/ip-group/.test/min/main.test.bicep b/modules/network/ip-group/.test/min/main.test.bicep index dc0c682523..174c87ae38 100644 --- a/modules/network/ip-group/.test/min/main.test.bicep +++ b/modules/network/ip-group/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/ip-group/README.md b/modules/network/ip-group/README.md index d6481e255f..2de276d682 100644 --- a/modules/network/ip-group/README.md +++ b/modules/network/ip-group/README.md 
@@ -4,13 +4,13 @@ This module deploys an IP Group. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -18,54 +18,28 @@ This module deploys an IP Group. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/ipGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/ipGroups) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the ipGroups. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -**Optional parameters** +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ipAddresses` | array | `[]` | | IpAddresses/IpAddressPrefixes in the IpGroups resource. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Resource tags. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.ip-group:1.0.0`. 
+- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -## Outputs +### Example 1: _Using large parameter set_ -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the IP group. | -| `resourceGroupName` | string | The resource group of the IP group was deployed into. | -| `resourceId` | string | The resource ID of the IP group. | - -## Cross-referenced modules - -_None_ +This instance deploys the module with most of its features enabled. -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module ipGroup './network/ip-group/main.bicep' = { +module ipGroup 'br:bicep/modules/network.ip-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nigcom' params: { // Required parameters @@ -149,14 +123,17 @@ module ipGroup './network/ip-group/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module ipGroup './network/ip-group/main.bicep' = { +module ipGroup 'br:bicep/modules/network.ip-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nigmin' params: { // Required parameters @@ -193,3 +170,86 @@ module ipGroup './network/ip-group/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the ipGroups. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ipAddresses`](#parameter-ipaddresses) | array | IpAddresses/IpAddressPrefixes in the IpGroups resource. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ipAddresses` + +IpAddresses/IpAddressPrefixes in the IpGroups resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the ipGroups. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the IP group. | +| `resourceGroupName` | string | The resource group of the IP group was deployed into. | +| `resourceId` | string | The resource ID of the IP group. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/ip-group/main.json b/modules/network/ip-group/main.json index 5ab53eaa7a..3d3b61dbe5 100644 --- a/modules/network/ip-group/main.json +++ b/modules/network/ip-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14113274555296490837" + "version": "0.22.6.54827", + "templateHash": "3722289923159347480" }, "name": "IP Groups", "description": "This module deploys an IP Group.", @@ -140,8 +140,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15558620083655583266" + "version": "0.22.6.54827", + "templateHash": "11934973470926193389" } }, "parameters": { diff --git a/modules/network/load-balancer/.test/common/main.test.bicep b/modules/network/load-balancer/.test/common/main.test.bicep index 79ce0f2cbd..6efb446ead 100644 --- a/modules/network/load-balancer/.test/common/main.test.bicep +++ b/modules/network/load-balancer/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/load-balancer/.test/min/main.test.bicep b/modules/network/load-balancer/.test/min/main.test.bicep index de083737e7..dbb4ca6571 100644 --- a/modules/network/load-balancer/.test/min/main.test.bicep +++ b/modules/network/load-balancer/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/load-balancer/README.md b/modules/network/load-balancer/README.md index 5c8c51a3b7..779036371c 100644 --- a/modules/network/load-balancer/README.md +++ b/modules/network/load-balancer/README.md @@ -4,14 +4,14 @@ This module deploys a Load Balancer. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -22,67 +22,29 @@ This module deploys a Load Balancer. | `Microsoft.Network/loadBalancers/backendAddressPools` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/loadBalancers/backendAddressPools) | | `Microsoft.Network/loadBalancers/inboundNatRules` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/loadBalancers/inboundNatRules) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `frontendIPConfigurations` | array | Array of objects containing all frontend IP configurations. | -| `name` | string | The Proximity Placement Groups Name. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.load-balancer:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `backendAddressPools` | array | `[]` | | Collection of backend address pools used by a load balancer. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. 
| -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `inboundNatRules` | array | `[]` | | Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. | -| `loadBalancingRules` | array | `[]` | | Array of objects containing all load balancing rules. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `outboundRules` | array | `[]` | | The outbound rules. | -| `probes` | array | `[]` | | Array of objects containing all probes, these are references in the load balancing rules. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuName` | string | `'Standard'` | `[Basic, Standard]` | Name of a load balancer SKU. | -| `tags` | object | `{object}` | | Tags of the resource. 
| +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Internal](#example-2-internal) +- [Using only defaults](#example-3-using-only-defaults) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `backendpools` | array | The backend address pools available in the load balancer. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the load balancer. | -| `resourceGroupName` | string | The resource group the load balancer was deployed into. | -| `resourceId` | string | The resource ID of the load balancer. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module loadBalancer './network/load-balancer/main.bicep' = { +module loadBalancer 'br:bicep/modules/network.load-balancer:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nlbcom' params: { // Required parameters @@ -344,14 +306,14 @@ module loadBalancer './network/load-balancer/main.bicep' = {

-

Example 2: Internal

+### Example 2: _Internal_
via Bicep module ```bicep -module loadBalancer './network/load-balancer/main.bicep' = { +module loadBalancer 'br:bicep/modules/network.load-balancer:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nlbint' params: { // Required parameters @@ -559,14 +521,17 @@ module loadBalancer './network/load-balancer/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module loadBalancer './network/load-balancer/main.bicep' = { +module loadBalancer 'br:bicep/modules/network.load-balancer:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nlbmin' params: { // Required parameters @@ -619,6 +584,186 @@ module loadBalancer './network/load-balancer/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`frontendIPConfigurations`](#parameter-frontendipconfigurations) | array | Array of objects containing all frontend IP configurations. | +| [`name`](#parameter-name) | string | The Proximity Placement Groups Name. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`backendAddressPools`](#parameter-backendaddresspools) | array | Collection of backend address pools used by a load balancer. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`inboundNatRules`](#parameter-inboundnatrules) | array | Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. 
Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. | +| [`loadBalancingRules`](#parameter-loadbalancingrules) | array | Array of objects containing all load balancing rules. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`outboundRules`](#parameter-outboundrules) | array | The outbound rules. | +| [`probes`](#parameter-probes) | array | Array of objects containing all probes, these are references in the load balancing rules. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | Name of a load balancer SKU. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `backendAddressPools` + +Collection of backend address pools used by a load balancer. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `frontendIPConfigurations` + +Array of objects containing all frontend IP configurations. +- Required: Yes +- Type: array + +### Parameter: `inboundNatRules` + +Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `loadBalancingRules` + +Array of objects containing all load balancing rules. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The Proximity Placement Groups Name. 
+- Required: Yes +- Type: string + +### Parameter: `outboundRules` + +The outbound rules. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `probes` + +Array of objects containing all probes, these are references in the load balancing rules. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +Name of a load balancer SKU. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Basic, Standard]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `backendpools` | array | The backend address pools available in the load balancer. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the load balancer. | +| `resourceGroupName` | string | The resource group the load balancer was deployed into. | +| `resourceId` | string | The resource ID of the load balancer. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `backendAddressPools` diff --git a/modules/network/load-balancer/backend-address-pool/README.md b/modules/network/load-balancer/backend-address-pool/README.md index 44dfdef1f7..99b752c0a9 100644 --- a/modules/network/load-balancer/backend-address-pool/README.md +++ b/modules/network/load-balancer/backend-address-pool/README.md 
@@ -19,30 +19,78 @@ This module deploys a Load Balancer Backend Address Pools. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the backend address pool. | +| [`name`](#parameter-name) | string | The name of the backend address pool. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `loadBalancerName` | string | The name of the parent load balancer. Required if the template is used in a standalone deployment. | +| [`loadBalancerName`](#parameter-loadbalancername) | string | The name of the parent load balancer. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `drainPeriodInSeconds` | int | `0` | | Amount of seconds Load Balancer waits for before sending RESET to client and backend address. if value is 0 then this property will be set to null. Subscription must register the feature Microsoft.Network/SLBAllowConnectionDraining before using this property. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `loadBalancerBackendAddresses` | array | `[]` | | An array of backend addresses. | -| `syncMode` | string | `''` | `['', Automatic, Manual]` | Backend address synchronous mode for the backend pool. | -| `tunnelInterfaces` | array | `[]` | | An array of gateway load balancer tunnel interfaces. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`drainPeriodInSeconds`](#parameter-drainperiodinseconds) | int | Amount of seconds Load Balancer waits for before sending RESET to client and backend address. if value is 0 then this property will be set to null. Subscription must register the feature Microsoft.Network/SLBAllowConnectionDraining before using this property. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`loadBalancerBackendAddresses`](#parameter-loadbalancerbackendaddresses) | array | An array of backend addresses. | +| [`syncMode`](#parameter-syncmode) | string | Backend address synchronous mode for the backend pool. | +| [`tunnelInterfaces`](#parameter-tunnelinterfaces) | array | An array of gateway load balancer tunnel interfaces. | + +### Parameter: `drainPeriodInSeconds` + +Amount of seconds Load Balancer waits for before sending RESET to client and backend address. if value is 0 then this property will be set to null. Subscription must register the feature Microsoft.Network/SLBAllowConnectionDraining before using this property. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `loadBalancerBackendAddresses` + +An array of backend addresses. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `loadBalancerName` + +The name of the parent load balancer. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the backend address pool. +- Required: Yes +- Type: string + +### Parameter: `syncMode` + +Backend address synchronous mode for the backend pool. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Automatic, Manual]` + +### Parameter: `tunnelInterfaces` + +An array of gateway load balancer tunnel interfaces. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the backend address pool. | | `resourceGroupName` | string | The resource group the backend address pool was deployed into. | 
diff --git a/modules/network/load-balancer/backend-address-pool/main.json b/modules/network/load-balancer/backend-address-pool/main.json index 4c67067b1a..e79735bfeb 100644 --- a/modules/network/load-balancer/backend-address-pool/main.json +++ b/modules/network/load-balancer/backend-address-pool/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14919070901241549953" + "version": "0.22.6.54827", + "templateHash": "8746126160153035357" }, "name": "Load Balancer Backend Address Pools", "description": "This module deploys a Load Balancer Backend Address Pools.", diff --git a/modules/network/load-balancer/inbound-nat-rule/README.md b/modules/network/load-balancer/inbound-nat-rule/README.md index c26aee6bf8..012c32a79f 100644 --- a/modules/network/load-balancer/inbound-nat-rule/README.md +++ b/modules/network/load-balancer/inbound-nat-rule/README.md 
@@ -19,36 +19,124 @@ This module deploys a Load Balancer Inbound NAT Rules. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `frontendIPConfigurationName` | string | The name of the frontend IP address to set for the inbound NAT rule. | -| `frontendPort` | int | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. | -| `name` | string | The name of the inbound NAT rule. | +| [`frontendIPConfigurationName`](#parameter-frontendipconfigurationname) | string | The name of the frontend IP address to set for the inbound NAT rule. | +| [`frontendPort`](#parameter-frontendport) | int | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. | +| [`name`](#parameter-name) | string | The name of the inbound NAT rule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `loadBalancerName` | string | The name of the parent load balancer. Required if the template is used in a standalone deployment. | +| [`loadBalancerName`](#parameter-loadbalancername) | string | The name of the parent load balancer. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `backendAddressPoolName` | string | `''` | | Name of the backend address pool. | -| `backendPort` | int | `[parameters('frontendPort')]` | | The port used for the internal endpoint. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableFloatingIP` | bool | `False` | | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. 
This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | -| `enableTcpReset` | bool | `False` | | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | -| `frontendPortRangeEnd` | int | `-1` | | The port range end for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeStart. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. | -| `frontendPortRangeStart` | int | `-1` | | The port range start for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeEnd. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. | -| `idleTimeoutInMinutes` | int | `4` | | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | -| `protocol` | string | `'Tcp'` | `[All, Tcp, Udp]` | The transport protocol for the endpoint. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`backendAddressPoolName`](#parameter-backendaddresspoolname) | string | Name of the backend address pool. | +| [`backendPort`](#parameter-backendport) | int | The port used for the internal endpoint. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableFloatingIP`](#parameter-enablefloatingip) | bool | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. 
| +| [`enableTcpReset`](#parameter-enabletcpreset) | bool | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | +| [`frontendPortRangeEnd`](#parameter-frontendportrangeend) | int | The port range end for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeStart. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. | +| [`frontendPortRangeStart`](#parameter-frontendportrangestart) | int | The port range start for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeEnd. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. | +| [`idleTimeoutInMinutes`](#parameter-idletimeoutinminutes) | int | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | +| [`protocol`](#parameter-protocol) | string | The transport protocol for the endpoint. | + +### Parameter: `backendAddressPoolName` + +Name of the backend address pool. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `backendPort` + +The port used for the internal endpoint. +- Required: No +- Type: int +- Default: `[parameters('frontendPort')]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableFloatingIP` + +Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableTcpReset` + +Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `frontendIPConfigurationName` + +The name of the frontend IP address to set for the inbound NAT rule. +- Required: Yes +- Type: string + +### Parameter: `frontendPort` + +The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. +- Required: Yes +- Type: int + +### Parameter: `frontendPortRangeEnd` + +The port range end for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeStart. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `frontendPortRangeStart` + +The port range start for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeEnd. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `idleTimeoutInMinutes` + +The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. +- Required: No +- Type: int +- Default: `4` + +### Parameter: `loadBalancerName` + +The name of the parent load balancer. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the inbound NAT rule. +- Required: Yes +- Type: string + +### Parameter: `protocol` + +The transport protocol for the endpoint. 
+- Required: No +- Type: string +- Default: `'Tcp'` +- Allowed: `[All, Tcp, Udp]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the inbound NAT rule. | | `resourceGroupName` | string | The resource group the inbound NAT rule was deployed into. | diff --git a/modules/network/load-balancer/inbound-nat-rule/main.json b/modules/network/load-balancer/inbound-nat-rule/main.json index e340a35b19..f72e675dc4 100644 --- a/modules/network/load-balancer/inbound-nat-rule/main.json +++ b/modules/network/load-balancer/inbound-nat-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17563889842244498787" + "version": "0.22.6.54827", + "templateHash": "10708877822656641045" }, "name": "Load Balancer Inbound NAT Rules", "description": "This module deploys a Load Balancer Inbound NAT Rules.", diff --git a/modules/network/load-balancer/main.json b/modules/network/load-balancer/main.json index ef65dd9b14..974b7006fd 100644 --- a/modules/network/load-balancer/main.json +++ b/modules/network/load-balancer/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5174015576413093389" + "version": "0.22.6.54827", + "templateHash": "4129476930281729422" }, "name": "Load Balancers", "description": "This module deploys a Load Balancer.", @@ -353,8 +353,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10695626328021788561" + "version": "0.22.6.54827", + "templateHash": "8746126160153035357" }, "name": "Load Balancer Backend Address Pools", "description": "This module deploys a Load Balancer Backend Address Pools.", 
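Review bot: the `_generator.version` line in this `modules/network/load-balancer/main.json` hunk moves from `0.21.1.54444` to `0.22.6.54827`, while the `inbound-nat-rule/main.json` hunk earlier in this patch moves from `0.20.4.51522`, so the committed build artifacts were produced by at least two different Bicep compilers before this change. Since `Set-Module` now compiles the template as part of the run, consider pinning the Bicep CLI version the utility and the pipeline use, and adding a check that rebuilds each `main.json` and fails when the committed `templateHash` differs. That keeps the compiled JSON reviewable as a pure function of the `.bicep` source and makes a hand-edited artifact stand out in review.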
@@ -514,8 +514,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8138775732002888044" + "version": "0.22.6.54827", + "templateHash": "10708877822656641045" }, "name": "Load Balancer Inbound NAT Rules", "description": "This module deploys a Load Balancer Inbound NAT Rules.", @@ -722,8 +722,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5738508706605924950" + "version": "0.22.6.54827", + "templateHash": "14340033754168371744" } }, "parameters": { diff --git a/modules/network/local-network-gateway/.test/common/main.test.bicep b/modules/network/local-network-gateway/.test/common/main.test.bicep index eb7d4a2d7a..8bebc4a7aa 100644 --- a/modules/network/local-network-gateway/.test/common/main.test.bicep +++ b/modules/network/local-network-gateway/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/local-network-gateway/.test/min/main.test.bicep b/modules/network/local-network-gateway/.test/min/main.test.bicep index 54f8df4c34..b9577924ea 100644 --- a/modules/network/local-network-gateway/.test/min/main.test.bicep +++ b/modules/network/local-network-gateway/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/local-network-gateway/README.md b/modules/network/local-network-gateway/README.md index 6cbde10008..0f26183ba5 100644 --- a/modules/network/local-network-gateway/README.md +++ b/modules/network/local-network-gateway/README.md 
@@ -4,13 +4,13 @@ This module deploys a Local Network Gateway. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
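Review bot: the regenerated navigation entries `[Resource Types](#Resource-Types)` and `[Usage examples](#Usage-examples)` use mixed-case fragments, while the links this same patch adds further down in the file (`#example-1-using-large-parameter-set`, `#parameter-localaddressprefixes`) are all lowercase. Heading ids produced by Markdown renderers are typically lowercase, so the mixed-case links only resolve where the renderer matches fragments case-insensitively. Suggest having the generator emit `#resource-types`, `#usage-examples`, `#parameters`, `#outputs` and `#cross-referenced-modules` so the whole README follows one convention.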
@@ -18,59 +18,28 @@ This module deploys a Local Network Gateway. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/localNetworkGateways` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/localNetworkGateways) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `localAddressPrefixes` | array | List of the local (on-premises) IP address ranges. | -| `localGatewayPublicIpAddress` | string | Public IP of the local gateway. | -| `name` | string | Name of the Local Network Gateway. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `fqdn` | string | `''` | | FQDN of local network gateway. | -| `localAsn` | string | `''` | | The BGP speaker's ASN. Not providing this value will automatically disable BGP on this Local Network Gateway resource. | -| `localBgpPeeringAddress` | string | `''` | | The BGP peering address and BGP identifier of this BGP speaker. Not providing this value will automatically disable BGP on this Local Network Gateway resource. | -| `localPeerWeight` | string | `''` | | The weight added to routes learned from this BGP speaker. This will only take effect if both the localAsn and the localBgpPeeringAddress values are provided. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. 
| -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the local network gateway. | -| `resourceGroupName` | string | The resource group the local network gateway was deployed into. | -| `resourceId` | string | The resource ID of the local network gateway. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.local-network-gateway:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module localNetworkGateway './network/local-network-gateway/main.bicep' = { +module localNetworkGateway 'br:bicep/modules/network.local-network-gateway:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nlngcom' params: { // Required parameters @@ -164,14 +133,17 @@ module localNetworkGateway './network/local-network-gateway/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module localNetworkGateway './network/local-network-gateway/main.bicep' = { +module localNetworkGateway 'br:bicep/modules/network.local-network-gateway:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nlngmin' params: { // Required parameters @@ -220,3 +192,124 @@ module localNetworkGateway './network/local-network-gateway/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`localAddressPrefixes`](#parameter-localaddressprefixes) | array | List of the local (on-premises) IP address ranges. | +| [`localGatewayPublicIpAddress`](#parameter-localgatewaypublicipaddress) | string | Public IP of the local gateway. | +| [`name`](#parameter-name) | string | Name of the Local Network Gateway. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`fqdn`](#parameter-fqdn) | string | FQDN of local network gateway. | +| [`localAsn`](#parameter-localasn) | string | The BGP speaker's ASN. Not providing this value will automatically disable BGP on this Local Network Gateway resource. | +| [`localBgpPeeringAddress`](#parameter-localbgppeeringaddress) | string | The BGP peering address and BGP identifier of this BGP speaker. Not providing this value will automatically disable BGP on this Local Network Gateway resource. | +| [`localPeerWeight`](#parameter-localpeerweight) | string | The weight added to routes learned from this BGP speaker. This will only take effect if both the localAsn and the localBgpPeeringAddress values are provided. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `fqdn` + +FQDN of local network gateway. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `localAddressPrefixes` + +List of the local (on-premises) IP address ranges. +- Required: Yes +- Type: array + +### Parameter: `localAsn` + +The BGP speaker's ASN. Not providing this value will automatically disable BGP on this Local Network Gateway resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `localBgpPeeringAddress` + +The BGP peering address and BGP identifier of this BGP speaker. Not providing this value will automatically disable BGP on this Local Network Gateway resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `localGatewayPublicIpAddress` + +Public IP of the local gateway. +- Required: Yes +- Type: string + +### Parameter: `localPeerWeight` + +The weight added to routes learned from this BGP speaker. This will only take effect if both the localAsn and the localBgpPeeringAddress values are provided. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Local Network Gateway. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the local network gateway. | +| `resourceGroupName` | string | The resource group the local network gateway was deployed into. | +| `resourceId` | string | The resource ID of the local network gateway. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/local-network-gateway/main.json b/modules/network/local-network-gateway/main.json index ab62f612c9..7ddb2effdf 100644 --- a/modules/network/local-network-gateway/main.json +++ b/modules/network/local-network-gateway/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12820613470164660088" + "version": "0.22.6.54827", + "templateHash": "3075207124319652071" }, "name": "Local Network Gateways", "description": "This module deploys a Local Network Gateway.", @@ -185,8 +185,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12018482118126048951" + "version": "0.22.6.54827", + "templateHash": "181485081298307705" } }, "parameters": { diff --git a/modules/network/nat-gateway/.test/common/main.test.bicep b/modules/network/nat-gateway/.test/common/main.test.bicep index 8bb8083fdd..178f58c027 100644 --- a/modules/network/nat-gateway/.test/common/main.test.bicep +++ b/modules/network/nat-gateway/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/nat-gateway/README.md b/modules/network/nat-gateway/README.md index 2ae5f1ad5c..8d239324a4 100644 --- a/modules/network/nat-gateway/README.md +++ b/modules/network/nat-gateway/README.md @@ -4,13 +4,13 @@ This module deploys a NAT Gateway. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,72 +20,27 @@ This module deploys a NAT Gateway. | `Microsoft.Network/natGateways` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/natGateways) | | `Microsoft.Network/publicIPAddresses` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/publicIPAddresses) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Bastion resource. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -**Optional parameters** +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the public IP diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". 
| -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `domainNameLabel` | string | `''` | | DNS name of the Public IP resource. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `idleTimeoutInMinutes` | int | `5` | | The idle timeout of the NAT gateway. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `natGatewayPipName` | string | `''` | | Specifies the name of the Public IP used by the NAT Gateway. If it's not provided, a '-pip' suffix will be appended to the Bastion's name. | -| `natGatewayPublicIpAddress` | bool | `False` | | Use to have a new Public IP Address created for the NAT Gateway. | -| `publicIpAddresses` | array | `[]` | | Existing Public IP Address resource names to use for the NAT Gateway. | -| `publicIpPrefixes` | array | `[]` | | Existing Public IP Prefixes resource names to use for the NAT Gateway. | -| `publicIPPrefixResourceId` | string | `''` | | Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags for the resource. 
| -| `zones` | array | `[]` | | A list of availability zones denoting the zone in which Nat Gateway should be deployed. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.nat-gateway:1.0.0`. +- [Using large parameter set](#example-1-using-large-parameter-set) -## Outputs +### Example 1: _Using large parameter set_ -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the NAT Gateway. | -| `resourceGroupName` | string | The resource group the NAT Gateway was deployed into. | -| `resourceId` | string | The resource ID of the NAT Gateway. | +This instance deploys the module with most of its features enabled. -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/public-ip-address` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module natGateway './network/nat-gateway/main.bicep' = { +module natGateway 'br:bicep/modules/network.nat-gateway:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nngcom' params: { // Required parameters @@ -178,3 +133,204 @@ module natGateway './network/nat-gateway/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Azure Bastion resource. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the public IP diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`domainNameLabel`](#parameter-domainnamelabel) | string | DNS name of the Public IP resource. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`idleTimeoutInMinutes`](#parameter-idletimeoutinminutes) | int | The idle timeout of the NAT gateway. 
| +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`natGatewayPipName`](#parameter-natgatewaypipname) | string | Specifies the name of the Public IP used by the NAT Gateway. If it's not provided, a '-pip' suffix will be appended to the Bastion's name. | +| [`natGatewayPublicIpAddress`](#parameter-natgatewaypublicipaddress) | bool | Use to have a new Public IP Address created for the NAT Gateway. | +| [`publicIpAddresses`](#parameter-publicipaddresses) | array | Existing Public IP Address resource names to use for the NAT Gateway. | +| [`publicIpPrefixes`](#parameter-publicipprefixes) | array | Existing Public IP Prefixes resource names to use for the NAT Gateway. | +| [`publicIPPrefixResourceId`](#parameter-publicipprefixresourceid) | string | Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags for the resource. | +| [`zones`](#parameter-zones) | array | A list of availability zones denoting the zone in which Nat Gateway should be deployed. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the public IP diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `domainNameLabel` + +DNS name of the Public IP resource. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `idleTimeoutInMinutes` + +The idle timeout of the NAT gateway. +- Required: No +- Type: int +- Default: `5` + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Azure Bastion resource. +- Required: Yes +- Type: string + +### Parameter: `natGatewayPipName` + +Specifies the name of the Public IP used by the NAT Gateway. If it's not provided, a '-pip' suffix will be appended to the Bastion's name. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `natGatewayPublicIpAddress` + +Use to have a new Public IP Address created for the NAT Gateway. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `publicIpAddresses` + +Existing Public IP Address resource names to use for the NAT Gateway. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicIpPrefixes` + +Existing Public IP Prefixes resource names to use for the NAT Gateway. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicIPPrefixResourceId` + +Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags for the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zones` + +A list of availability zones denoting the zone in which Nat Gateway should be deployed. 
+- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the NAT Gateway. | +| `resourceGroupName` | string | The resource group the NAT Gateway was deployed into. | +| `resourceId` | string | The resource ID of the NAT Gateway. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/public-ip-address` | Local reference | diff --git a/modules/network/nat-gateway/main.json b/modules/network/nat-gateway/main.json index 8ae2e59ca3..ffc7620f1a 100644 --- a/modules/network/nat-gateway/main.json +++ b/modules/network/nat-gateway/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14895423675743454" + "version": "0.22.6.54827", + "templateHash": "9634258356447527908" }, "name": "NAT Gateways", "description": "This module deploys a NAT Gateway.", @@ -314,8 +314,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1887898957722092173" + "version": "0.22.6.54827", + "templateHash": "4317747709004918530" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -648,8 +648,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7328126239184883887" + "version": "0.22.6.54827", + "templateHash": "9976109177347918049" } }, "parameters": { 
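Review bot: in the `modules/network/nat-gateway/README.md` parameters hunk above, the new `### Parameter: name` section reads "Name of the Azure Bastion resource." and `natGatewayPipName` says the '-pip' suffix "will be appended to the Bastion's name", although this module deploys a NAT Gateway. The removed table rows carried the same wording, so the text comes from the parameter descriptions in the module template rather than from the generator; fix it there and regenerate, otherwise the per-parameter sections and the compiled `main.json` keep repeating it. The same README's "Cross-referenced modules" paragraph still says "other CARML modules" while the reference path changes to `modules/network/public-ip-address`, which is worth aligning in the same pass.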
@@ -866,8 +866,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15916588634255073631" + "version": "0.22.6.54827", + "templateHash": "15036243165894053484" } }, "parameters": { diff --git a/modules/network/network-interface/.test/common/main.test.bicep b/modules/network/network-interface/.test/common/main.test.bicep index 50737c3734..5a7bfcf666 100644 --- a/modules/network/network-interface/.test/common/main.test.bicep +++ b/modules/network/network-interface/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/network-interface/.test/min/main.test.bicep b/modules/network/network-interface/.test/min/main.test.bicep index 11236f4d45..8a045fec44 100644 --- a/modules/network/network-interface/.test/min/main.test.bicep +++ b/modules/network/network-interface/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/network-interface/README.md b/modules/network/network-interface/README.md index ed14946f06..ee9c528fdd 100644 --- a/modules/network/network-interface/README.md +++ b/modules/network/network-interface/README.md @@ -5,10 +5,10 @@ This module deploys a Network Interface. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -19,67 +19,28 @@ This module deploys a Network Interface. | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/networkInterfaces` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkInterfaces) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `ipConfigurations` | array | A list of IPConfigurations of the network interface. | -| `name` | string | The name of the network interface. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.network-interface:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `auxiliaryMode` | string | `'None'` | `[Floating, MaxConnections, None]` | Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic. | -| `auxiliarySku` | string | `'None'` | `[A1, A2, A4, A8, None]` | Auxiliary sku of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource identifier of log analytics. | -| `disableTcpStateTracking` | bool | `False` | | Indicates whether to disable tcp state tracking. Subscription must be registered for the Microsoft.Network/AllowDisableTcpStateTracking feature before this property can be set to true. | -| `dnsServers` | array | `[]` | | List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection. | -| `enableAcceleratedNetworking` | bool | `False` | | If the network interface is accelerated networking enabled. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableIPForwarding` | bool | `False` | | Indicates whether IP forwarding is enabled on this network interface. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `networkSecurityGroupResourceId` | string | `''` | | The network security group (NSG) to attach to the network interface. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed resource. | -| `resourceGroupName` | string | The resource group of the deployed resource. | -| `resourceId` | string | The resource ID of the deployed resource. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module networkInterface './network/network-interface/main.bicep' = { +module networkInterface 'br:bicep/modules/network.network-interface:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nnicom' params: { // Required parameters @@ -219,14 +180,17 @@ module networkInterface './network/network-interface/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module networkInterface './network/network-interface/main.bicep' = { +module networkInterface 'br:bicep/modules/network.network-interface:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nnimin' params: { // Required parameters @@ -277,3 +241,192 @@ module networkInterface './network/network-interface/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`ipConfigurations`](#parameter-ipconfigurations) | array | A list of IPConfigurations of the network interface. | +| [`name`](#parameter-name) | string | The name of the network interface. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`auxiliaryMode`](#parameter-auxiliarymode) | string | Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic. | +| [`auxiliarySku`](#parameter-auxiliarysku) | string | Auxiliary sku of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource identifier of log analytics. | +| [`disableTcpStateTracking`](#parameter-disabletcpstatetracking) | bool | Indicates whether to disable tcp state tracking. Subscription must be registered for the Microsoft.Network/AllowDisableTcpStateTracking feature before this property can be set to true. 
| +| [`dnsServers`](#parameter-dnsservers) | array | List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection. | +| [`enableAcceleratedNetworking`](#parameter-enableacceleratednetworking) | bool | If the network interface is accelerated networking enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableIPForwarding`](#parameter-enableipforwarding) | bool | Indicates whether IP forwarding is enabled on this network interface. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`networkSecurityGroupResourceId`](#parameter-networksecuritygroupresourceid) | string | The network security group (NSG) to attach to the network interface. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `auxiliaryMode` + +Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[Floating, MaxConnections, None]` + +### Parameter: `auxiliarySku` + +Auxiliary sku of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic. 
+- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[A1, A2, A4, A8, None]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource identifier of log analytics. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableTcpStateTracking` + +Indicates whether to disable tcp state tracking. Subscription must be registered for the Microsoft.Network/AllowDisableTcpStateTracking feature before this property can be set to true. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `dnsServers` + +List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableAcceleratedNetworking` + +If the network interface is accelerated networking enabled. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableIPForwarding` + +Indicates whether IP forwarding is enabled on this network interface. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `ipConfigurations` + +A list of IPConfigurations of the network interface. +- Required: Yes +- Type: array + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the network interface. +- Required: Yes +- Type: string + +### Parameter: `networkSecurityGroupResourceId` + +The network security group (NSG) to attach to the network interface. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed resource. | +| `resourceGroupName` | string | The resource group of the deployed resource. | +| `resourceId` | string | The resource ID of the deployed resource. 
| + +## Cross-referenced modules + +_None_ diff --git a/modules/network/network-interface/main.json b/modules/network/network-interface/main.json index 59419cbae3..20e292dd8f 100644 --- a/modules/network/network-interface/main.json +++ b/modules/network/network-interface/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5974456600868040376" + "version": "0.22.6.54827", + "templateHash": "14479255820598719580" }, "name": "Network Interface", "description": "This module deploys a Network Interface.", @@ -307,8 +307,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10645923556503351364" + "version": "0.22.6.54827", + "templateHash": "11518733977101662334" } }, "parameters": { diff --git a/modules/network/network-manager/.test/common/main.test.bicep b/modules/network/network-manager/.test/common/main.test.bicep index 1ebb51582a..e0899bd41c 100644 --- a/modules/network/network-manager/.test/common/main.test.bicep +++ b/modules/network/network-manager/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/network-manager/README.md b/modules/network/network-manager/README.md index 656930cdc9..86e3036e2f 100644 --- a/modules/network/network-manager/README.md +++ b/modules/network/network-manager/README.md @@ -5,10 +5,10 @@ This module deploys a Network Manager. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
@@ -26,65 +26,27 @@ This module deploys a Network Manager. | `Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections` | [2023-02-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-02-01/networkManagers/securityAdminConfigurations/ruleCollections) | | `Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules` | [2023-02-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-02-01/networkManagers/securityAdminConfigurations/ruleCollections/rules) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Network Manager. | -| `networkManagerScopeAccesses` | array | Scope Access. String array containing any of "Connectivity", "SecurityAdmin". The connectivity feature allows you to create network topologies at scale. The security admin feature lets you create high-priority security rules, which take precedence over NSGs. | -| `networkManagerScopes` | object | Scope of Network Manager. Contains a list of management groups or a list of subscriptions. This defines the boundary of network resources that this Network Manager instance can manage. If using Management Groups, ensure that the "Microsoft.Network" resource provider is registered for those Management Groups prior to deployment. | +## Usage examples -**Conditional parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `networkGroups` | array | Network Groups and static members to create for the network manager. Required if using "connectivityConfigurations" or "securityAdminConfigurations" parameters. A network group is global container that includes a set of virtual network resources from any region. Then, configurations are applied to target the network group, which applies the configuration to all members of the group. The two types are group memberships are static and dynamic memberships. 
Static membership allows you to explicitly add virtual networks to a group by manually selecting individual virtual networks, and is available as a child module, while dynamic membership is defined through Azure policy. See [How Azure Policy works with Network Groups](https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-azure-policy-integration) for more details. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `connectivityConfigurations` | array | `[]` | | Connectivity Configurations to create for the network manager. Network manager must contain at least one network group in order to define connectivity configurations. | -| `description` | string | `''` | | A description of the network manager. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `scopeConnections` | array | `[]` | | Scope Connections to create for the network manager. Allows network manager to manage resources from another tenant. Supports management groups or subscriptions from another tenant. | -| `securityAdminConfigurations` | array | `[]` | | Security Admin Configurations, Rule Collections and Rules to create for the network manager. 
Azure Virtual Network Manager provides two different types of configurations you can deploy across your virtual networks, one of them being a SecurityAdmin configuration. A security admin configuration contains a set of rule collections. Each rule collection contains one or more security admin rules. You then associate the rule collection with the network groups that you want to apply the security admin rules to. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the network manager. | -| `resourceGroupName` | string | The resource group the network manager was deployed into. | -| `resourceId` | string | The resource ID of the network manager. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.network-manager:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module networkManager './network/network-manager/main.bicep' = { +module networkManager 'br:bicep/modules/network.network-manager:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nnmcom' params: { // Required parameters @@ -523,6 +485,139 @@ module networkManager './network/network-manager/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Network Manager. | +| [`networkManagerScopeAccesses`](#parameter-networkmanagerscopeaccesses) | array | Scope Access. String array containing any of "Connectivity", "SecurityAdmin". The connectivity feature allows you to create network topologies at scale. The security admin feature lets you create high-priority security rules, which take precedence over NSGs. | +| [`networkManagerScopes`](#parameter-networkmanagerscopes) | object | Scope of Network Manager. Contains a list of management groups or a list of subscriptions. This defines the boundary of network resources that this Network Manager instance can manage. If using Management Groups, ensure that the "Microsoft.Network" resource provider is registered for those Management Groups prior to deployment. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`networkGroups`](#parameter-networkgroups) | array | Network Groups and static members to create for the network manager. Required if using "connectivityConfigurations" or "securityAdminConfigurations" parameters. A network group is global container that includes a set of virtual network resources from any region. Then, configurations are applied to target the network group, which applies the configuration to all members of the group. The two types are group memberships are static and dynamic memberships. Static membership allows you to explicitly add virtual networks to a group by manually selecting individual virtual networks, and is available as a child module, while dynamic membership is defined through Azure policy. See [How Azure Policy works with Network Groups](https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-azure-policy-integration) for more details. 
| + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`connectivityConfigurations`](#parameter-connectivityconfigurations) | array | Connectivity Configurations to create for the network manager. Network manager must contain at least one network group in order to define connectivity configurations. | +| [`description`](#parameter-description) | string | A description of the network manager. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`scopeConnections`](#parameter-scopeconnections) | array | Scope Connections to create for the network manager. Allows network manager to manage resources from another tenant. Supports management groups or subscriptions from another tenant. | +| [`securityAdminConfigurations`](#parameter-securityadminconfigurations) | array | Security Admin Configurations, Rule Collections and Rules to create for the network manager. Azure Virtual Network Manager provides two different types of configurations you can deploy across your virtual networks, one of them being a SecurityAdmin configuration. A security admin configuration contains a set of rule collections. Each rule collection contains one or more security admin rules. 
You then associate the rule collection with the network groups that you want to apply the security admin rules to. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `connectivityConfigurations` + +Connectivity Configurations to create for the network manager. Network manager must contain at least one network group in order to define connectivity configurations. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +A description of the network manager. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Network Manager. +- Required: Yes +- Type: string + +### Parameter: `networkGroups` + +Network Groups and static members to create for the network manager. Required if using "connectivityConfigurations" or "securityAdminConfigurations" parameters. A network group is global container that includes a set of virtual network resources from any region. Then, configurations are applied to target the network group, which applies the configuration to all members of the group. The two types are group memberships are static and dynamic memberships. Static membership allows you to explicitly add virtual networks to a group by manually selecting individual virtual networks, and is available as a child module, while dynamic membership is defined through Azure policy. See [How Azure Policy works with Network Groups](https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-azure-policy-integration) for more details. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `networkManagerScopeAccesses` + +Scope Access. String array containing any of "Connectivity", "SecurityAdmin". The connectivity feature allows you to create network topologies at scale. The security admin feature lets you create high-priority security rules, which take precedence over NSGs. +- Required: Yes +- Type: array + +### Parameter: `networkManagerScopes` + +Scope of Network Manager. Contains a list of management groups or a list of subscriptions. This defines the boundary of network resources that this Network Manager instance can manage. If using Management Groups, ensure that the "Microsoft.Network" resource provider is registered for those Management Groups prior to deployment. +- Required: Yes +- Type: object + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scopeConnections` + +Scope Connections to create for the network manager. Allows network manager to manage resources from another tenant. Supports management groups or subscriptions from another tenant. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `securityAdminConfigurations` + +Security Admin Configurations, Rule Collections and Rules to create for the network manager. Azure Virtual Network Manager provides two different types of configurations you can deploy across your virtual networks, one of them being a SecurityAdmin configuration. A security admin configuration contains a set of rule collections. Each rule collection contains one or more security admin rules. 
You then associate the rule collection with the network groups that you want to apply the security admin rules to. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the network manager. | +| `resourceGroupName` | string | The resource group the network manager was deployed into. | +| `resourceId` | string | The resource ID of the network manager. | + +## Cross-referenced modules + +_None_ + ## Notes ### Considerations diff --git a/modules/network/network-manager/connectivity-configuration/README.md b/modules/network/network-manager/connectivity-configuration/README.md index 77c750ba1f..cf5ff24e23 100644 --- a/modules/network/network-manager/connectivity-configuration/README.md +++ b/modules/network/network-manager/connectivity-configuration/README.md 
@@ -20,32 +20,95 @@ Connectivity configurations define hub-and-spoke or mesh topologies applied to o **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `appliesToGroups` | array | | Network Groups for the configuration. | -| `connectivityTopology` | string | `[HubAndSpoke, Mesh]` | Connectivity topology type. | -| `name` | string | | The name of the connectivity configuration. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appliesToGroups`](#parameter-appliestogroups) | array | Network Groups for the configuration. | +| [`connectivityTopology`](#parameter-connectivitytopology) | string | Connectivity topology type. | +| [`name`](#parameter-name) | string | The name of the connectivity configuration. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `hubs` | array | List of hub items. This will create peerings between the specified hub and the virtual networks in the network group specified. Required if connectivityTopology is of type "HubAndSpoke". | -| `networkManagerName` | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | +| [`hubs`](#parameter-hubs) | array | List of hub items. This will create peerings between the specified hub and the virtual networks in the network group specified. Required if connectivityTopology is of type "HubAndSpoke". | +| [`networkManagerName`](#parameter-networkmanagername) | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `deleteExistingPeering` | string | `'False'` | `[False, True]` | Flag if need to remove current existing peerings. 
If set to "True", all peerings on virtual networks in selected network groups will be removed and replaced with the peerings defined by this configuration. Optional when connectivityTopology is of type "HubAndSpoke". | -| `description` | string | `''` | | A description of the connectivity configuration. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `isGlobal` | string | `'False'` | `[False, True]` | Flag if global mesh is supported. By default, mesh connectivity is applied to virtual networks within the same region. If set to "True", a global mesh enables connectivity across regions. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`deleteExistingPeering`](#parameter-deleteexistingpeering) | string | Flag if need to remove current existing peerings. If set to "True", all peerings on virtual networks in selected network groups will be removed and replaced with the peerings defined by this configuration. Optional when connectivityTopology is of type "HubAndSpoke". | +| [`description`](#parameter-description) | string | A description of the connectivity configuration. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`isGlobal`](#parameter-isglobal) | string | Flag if global mesh is supported. By default, mesh connectivity is applied to virtual networks within the same region. If set to "True", a global mesh enables connectivity across regions. | + +### Parameter: `appliesToGroups` + +Network Groups for the configuration. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `connectivityTopology` + +Connectivity topology type. +- Required: Yes +- Type: string +- Allowed: `[HubAndSpoke, Mesh]` + +### Parameter: `deleteExistingPeering` + +Flag if need to remove current existing peerings. 
If set to "True", all peerings on virtual networks in selected network groups will be removed and replaced with the peerings defined by this configuration. Optional when connectivityTopology is of type "HubAndSpoke". +- Required: No +- Type: string +- Default: `'False'` +- Allowed: `[False, True]` + +### Parameter: `description` + +A description of the connectivity configuration. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hubs` + +List of hub items. This will create peerings between the specified hub and the virtual networks in the network group specified. Required if connectivityTopology is of type "HubAndSpoke". +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `isGlobal` + +Flag if global mesh is supported. By default, mesh connectivity is applied to virtual networks within the same region. If set to "True", a global mesh enables connectivity across regions. +- Required: No +- Type: string +- Default: `'False'` +- Allowed: `[False, True]` + +### Parameter: `name` + +The name of the connectivity configuration. +- Required: Yes +- Type: string + +### Parameter: `networkManagerName` + +The name of the parent network manager. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed connectivity configuration. | | `resourceGroupName` | string | The resource group the connectivity configuration was deployed into. | diff --git a/modules/network/network-manager/network-group/README.md b/modules/network/network-manager/network-group/README.md index b902fd22a1..a5f8dca4a0 100644 --- a/modules/network/network-manager/network-group/README.md +++ b/modules/network/network-manager/network-group/README.md 
@@ -21,28 +21,61 @@ A network group is a collection of same-type network resources that you can asso **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the network group. | +| [`name`](#parameter-name) | string | The name of the network group. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `networkManagerName` | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | +| [`networkManagerName`](#parameter-networkmanagername) | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | A description of the network group. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `staticMembers` | array | `[]` | Static Members to create for the network group. Contains virtual networks to add to the network group. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | A description of the network group. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`staticMembers`](#parameter-staticmembers) | array | Static Members to create for the network group. Contains virtual networks to add to the network group. | + +### Parameter: `description` + +A description of the network group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the network group. 
+- Required: Yes +- Type: string + +### Parameter: `networkManagerName` + +The name of the parent network manager. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `staticMembers` + +Static Members to create for the network group. Contains virtual networks to add to the network group. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed network group. | | `resourceGroupName` | string | The resource group the network group was deployed into. | diff --git a/modules/network/network-manager/network-group/static-member/README.md b/modules/network/network-manager/network-group/static-member/README.md index 54989f4a2c..7a10fbc50c 100644 --- a/modules/network/network-manager/network-group/static-member/README.md +++ b/modules/network/network-manager/network-group/static-member/README.md 
@@ -20,28 +20,59 @@ Static membership allows you to explicitly add virtual networks to a group by ma **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the static member. | -| `resourceId` | string | Resource ID of the virtual network. | +| [`name`](#parameter-name) | string | The name of the static member. | +| [`resourceId`](#parameter-resourceid) | string | Resource ID of the virtual network. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `networkGroupName` | string | The name of the parent network group. Required if the template is used in a standalone deployment. | -| `networkManagerName` | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | +| [`networkGroupName`](#parameter-networkgroupname) | string | The name of the parent network group. Required if the template is used in a standalone deployment. | +| [`networkManagerName`](#parameter-networkmanagername) | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the static member. +- Required: Yes +- Type: string + +### Parameter: `networkGroupName` + +The name of the parent network group. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `networkManagerName` + +The name of the parent network manager. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `resourceId` + +Resource ID of the virtual network. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed static member. | | `resourceGroupName` | string | The resource group the static member was deployed into. | diff --git a/modules/network/network-manager/scope-connection/README.md b/modules/network/network-manager/scope-connection/README.md index 3c0ef6d896..b2e6fbf6c5 100644 --- a/modules/network/network-manager/scope-connection/README.md +++ b/modules/network/network-manager/scope-connection/README.md 
@@ -20,29 +20,67 @@ Create a cross-tenant connection to manage a resource from another tenant. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the scope connection. | -| `resourceId` | string | Enter the subscription or management group resource ID that you want to add to this network manager's scope. | -| `tenantId` | string | Tenant ID of the subscription or management group that you want to manage. | +| [`name`](#parameter-name) | string | The name of the scope connection. | +| [`resourceId`](#parameter-resourceid) | string | Enter the subscription or management group resource ID that you want to add to this network manager's scope. | +| [`tenantId`](#parameter-tenantid) | string | Tenant ID of the subscription or management group that you want to manage. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `networkManagerName` | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | +| [`networkManagerName`](#parameter-networkmanagername) | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | A description of the scope connection. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | A description of the scope connection. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `description` + +A description of the scope connection. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the scope connection. +- Required: Yes +- Type: string + +### Parameter: `networkManagerName` + +The name of the parent network manager. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `resourceId` + +Enter the subscription or management group resource ID that you want to add to this network manager's scope. +- Required: Yes +- Type: string + +### Parameter: `tenantId` + +Tenant ID of the subscription or management group that you want to manage. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed scope connection. | | `resourceGroupName` | string | The resource group the scope connection was deployed into. | diff --git a/modules/network/network-manager/security-admin-configuration/README.md b/modules/network/network-manager/security-admin-configuration/README.md index 10cd562c0a..c6cb473a8a 100644 --- a/modules/network/network-manager/security-admin-configuration/README.md +++ b/modules/network/network-manager/security-admin-configuration/README.md 
@@ -22,29 +22,70 @@ A security admin configuration contains a set of rule collections. Each rule col **Required parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `applyOnNetworkIntentPolicyBasedServices` | array | `[None]` | `[All, AllowRulesOnly, None]` | Enum list of network intent policy based services. | -| `name` | string | | | The name of the security admin configuration. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applyOnNetworkIntentPolicyBasedServices`](#parameter-applyonnetworkintentpolicybasedservices) | array | Enum list of network intent policy based services. | +| [`name`](#parameter-name) | string | The name of the security admin configuration. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `networkManagerName` | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | +| [`networkManagerName`](#parameter-networkmanagername) | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | A description of the security admin configuration. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ruleCollections` | array | `[]` | A security admin configuration contains a set of rule collections that are applied to network groups. Each rule collection contains one or more security admin rules. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | A description of the security admin configuration. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`ruleCollections`](#parameter-rulecollections) | array | A security admin configuration contains a set of rule collections that are applied to network groups. Each rule collection contains one or more security admin rules. | + +### Parameter: `applyOnNetworkIntentPolicyBasedServices` + +Enum list of network intent policy based services. +- Required: No +- Type: array +- Default: `[None]` +- Allowed: `[All, AllowRulesOnly, None]` + +### Parameter: `description` + +A description of the security admin configuration. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the security admin configuration. +- Required: Yes +- Type: string + +### Parameter: `networkManagerName` + +The name of the parent network manager. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `ruleCollections` + +A security admin configuration contains a set of rule collections that are applied to network groups. Each rule collection contains one or more security admin rules. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed security admin configuration. | | `resourceGroupName` | string | The resource group the security admin configuration was deployed into. | diff --git a/modules/network/network-manager/security-admin-configuration/rule-collection/README.md b/modules/network/network-manager/security-admin-configuration/rule-collection/README.md index 33bd75c517..8f8dbcef8f 100644 --- a/modules/network/network-manager/security-admin-configuration/rule-collection/README.md +++ b/modules/network/network-manager/security-admin-configuration/rule-collection/README.md 
@@ -21,30 +21,74 @@ A security admin configuration contains a set of rule collections. Each rule col **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `appliesToGroups` | array | List of network groups for configuration. An admin rule collection must be associated to at least one network group. | -| `name` | string | The name of the admin rule collection. | +| [`appliesToGroups`](#parameter-appliestogroups) | array | List of network groups for configuration. An admin rule collection must be associated to at least one network group. | +| [`name`](#parameter-name) | string | The name of the admin rule collection. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `networkManagerName` | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | -| `securityAdminConfigurationName` | string | The name of the parent security admin configuration. Required if the template is used in a standalone deployment. | +| [`networkManagerName`](#parameter-networkmanagername) | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | +| [`securityAdminConfigurationName`](#parameter-securityadminconfigurationname) | string | The name of the parent security admin configuration. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | A description of the admin rule collection. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `rules` | array | | List of rules for the admin rules collection. Security admin rules allows enforcing security policy criteria that matches the conditions set. 
Warning: A rule collection without rule will cause a deployment configuration for security admin goal state in network manager to fail. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | A description of the admin rule collection. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`rules`](#parameter-rules) | array | List of rules for the admin rules collection. Security admin rules allows enforcing security policy criteria that matches the conditions set. Warning: A rule collection without rule will cause a deployment configuration for security admin goal state in network manager to fail. | + +### Parameter: `appliesToGroups` + +List of network groups for configuration. An admin rule collection must be associated to at least one network group. +- Required: Yes +- Type: array + +### Parameter: `description` + +A description of the admin rule collection. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the admin rule collection. +- Required: Yes +- Type: string + +### Parameter: `networkManagerName` + +The name of the parent network manager. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `rules` + +List of rules for the admin rules collection. Security admin rules allows enforcing security policy criteria that matches the conditions set. Warning: A rule collection without rule will cause a deployment configuration for security admin goal state in network manager to fail. +- Required: Yes +- Type: array + +### Parameter: `securityAdminConfigurationName` + +The name of the parent security admin configuration. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed admin rule collection. | | `resourceGroupName` | string | The resource group the admin rule collection was deployed into. | diff --git a/modules/network/network-manager/security-admin-configuration/rule-collection/rule/README.md b/modules/network/network-manager/security-admin-configuration/rule-collection/rule/README.md index f053a1c8ee..6f0eb7a62f 100644 --- a/modules/network/network-manager/security-admin-configuration/rule-collection/rule/README.md +++ b/modules/network/network-manager/security-admin-configuration/rule-collection/rule/README.md 
@@ -20,37 +20,130 @@ A security admin configuration contains a set of rule collections. Each rule col **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `access` | string | `[Allow, AlwaysAllow, Deny]` | Indicates the access allowed for this particular rule. "Allow" means traffic matching this rule will be allowed. "Deny" means traffic matching this rule will be blocked. "AlwaysAllow" means that traffic matching this rule will be allowed regardless of other rules with lower priority or user-defined NSGs. | -| `direction` | string | `[Inbound, Outbound]` | Indicates if the traffic matched against the rule in inbound or outbound. | -| `name` | string | | The name of the rule. | -| `priority` | int | | The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | -| `protocol` | string | `[Ah, Any, Esp, Icmp, Tcp, Udp]` | Network protocol this rule applies to. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`access`](#parameter-access) | string | Indicates the access allowed for this particular rule. "Allow" means traffic matching this rule will be allowed. "Deny" means traffic matching this rule will be blocked. "AlwaysAllow" means that traffic matching this rule will be allowed regardless of other rules with lower priority or user-defined NSGs. | +| [`direction`](#parameter-direction) | string | Indicates if the traffic matched against the rule in inbound or outbound. | +| [`name`](#parameter-name) | string | The name of the rule. | +| [`priority`](#parameter-priority) | int | The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. 
| +| [`protocol`](#parameter-protocol) | string | Network protocol this rule applies to. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `networkManagerName` | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | -| `ruleCollectionName` | string | The name of the parent rule collection. Required if the template is used in a standalone deployment. | -| `securityAdminConfigurationName` | string | The name of the parent security admin configuration. Required if the template is used in a standalone deployment. | +| [`networkManagerName`](#parameter-networkmanagername) | string | The name of the parent network manager. Required if the template is used in a standalone deployment. | +| [`ruleCollectionName`](#parameter-rulecollectionname) | string | The name of the parent rule collection. Required if the template is used in a standalone deployment. | +| [`securityAdminConfigurationName`](#parameter-securityadminconfigurationname) | string | The name of the parent security admin configuration. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | A description of the rule. | -| `destinationPortRanges` | array | `[]` | List of destination port ranges. This specifies on which ports traffic will be allowed or denied by this rule. Provide an (*) to allow traffic on any port. Port ranges are between 1-65535. | -| `destinations` | array | `[]` | The destnations filter can be an IP Address or a service tag. Each filter contains the properties AddressPrefixType (IPPrefix or ServiceTag) and AddressPrefix (using CIDR notation (e.g. 192.168.99.0/24 or 2001:1234::/64) or a service tag (e.g. AppService.WestEurope)). Combining CIDR and Service tags in one rule filter is not permitted. 
| -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `sourcePortRanges` | array | `[]` | List of destination port ranges. This specifies on which ports traffic will be allowed or denied by this rule. Provide an (*) to allow traffic on any port. Port ranges are between 1-65535. | -| `sources` | array | `[]` | The source filter can be an IP Address or a service tag. Each filter contains the properties AddressPrefixType (IPPrefix or ServiceTag) and AddressPrefix (using CIDR notation (e.g. 192.168.99.0/24 or 2001:1234::/64) or a service tag (e.g. AppService.WestEurope)). Combining CIDR and Service tags in one rule filter is not permitted. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | A description of the rule. | +| [`destinationPortRanges`](#parameter-destinationportranges) | array | List of destination port ranges. This specifies on which ports traffic will be allowed or denied by this rule. Provide an (*) to allow traffic on any port. Port ranges are between 1-65535. | +| [`destinations`](#parameter-destinations) | array | The destnations filter can be an IP Address or a service tag. Each filter contains the properties AddressPrefixType (IPPrefix or ServiceTag) and AddressPrefix (using CIDR notation (e.g. 192.168.99.0/24 or 2001:1234::/64) or a service tag (e.g. AppService.WestEurope)). Combining CIDR and Service tags in one rule filter is not permitted. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`sourcePortRanges`](#parameter-sourceportranges) | array | List of destination port ranges. This specifies on which ports traffic will be allowed or denied by this rule. Provide an (*) to allow traffic on any port. Port ranges are between 1-65535. | +| [`sources`](#parameter-sources) | array | The source filter can be an IP Address or a service tag. 
Each filter contains the properties AddressPrefixType (IPPrefix or ServiceTag) and AddressPrefix (using CIDR notation (e.g. 192.168.99.0/24 or 2001:1234::/64) or a service tag (e.g. AppService.WestEurope)). Combining CIDR and Service tags in one rule filter is not permitted. | + +### Parameter: `access` + +Indicates the access allowed for this particular rule. "Allow" means traffic matching this rule will be allowed. "Deny" means traffic matching this rule will be blocked. "AlwaysAllow" means that traffic matching this rule will be allowed regardless of other rules with lower priority or user-defined NSGs. +- Required: Yes +- Type: string +- Allowed: `[Allow, AlwaysAllow, Deny]` + +### Parameter: `description` + +A description of the rule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `destinationPortRanges` + +List of destination port ranges. This specifies on which ports traffic will be allowed or denied by this rule. Provide an (*) to allow traffic on any port. Port ranges are between 1-65535. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `destinations` + +The destnations filter can be an IP Address or a service tag. Each filter contains the properties AddressPrefixType (IPPrefix or ServiceTag) and AddressPrefix (using CIDR notation (e.g. 192.168.99.0/24 or 2001:1234::/64) or a service tag (e.g. AppService.WestEurope)). Combining CIDR and Service tags in one rule filter is not permitted. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `direction` + +Indicates if the traffic matched against the rule in inbound or outbound. +- Required: Yes +- Type: string +- Allowed: `[Inbound, Outbound]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the rule. +- Required: Yes +- Type: string + +### Parameter: `networkManagerName` + +The name of the parent network manager. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `priority` + +The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. +- Required: Yes +- Type: int + +### Parameter: `protocol` + +Network protocol this rule applies to. +- Required: Yes +- Type: string +- Allowed: `[Ah, Any, Esp, Icmp, Tcp, Udp]` + +### Parameter: `ruleCollectionName` + +The name of the parent rule collection. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `securityAdminConfigurationName` + +The name of the parent security admin configuration. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `sourcePortRanges` + +List of destination port ranges. This specifies on which ports traffic will be allowed or denied by this rule. Provide an (*) to allow traffic on any port. Port ranges are between 1-65535. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sources` + +The source filter can be an IP Address or a service tag. Each filter contains the properties AddressPrefixType (IPPrefix or ServiceTag) and AddressPrefix (using CIDR notation (e.g. 192.168.99.0/24 or 2001:1234::/64) or a service tag (e.g. AppService.WestEurope)). Combining CIDR and Service tags in one rule filter is not permitted. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed rule. | | `resourceGroupName` | string | The resource group the rule was deployed into. | diff --git a/modules/network/network-security-group/.test/common/main.test.bicep b/modules/network/network-security-group/.test/common/main.test.bicep index e527049267..b3d3aa351f 100644 
--- a/modules/network/network-security-group/.test/common/main.test.bicep +++ b/modules/network/network-security-group/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/network-security-group/.test/min/main.test.bicep b/modules/network/network-security-group/.test/min/main.test.bicep index 744ad53a8c..225b630945 100644 --- a/modules/network/network-security-group/.test/min/main.test.bicep +++ b/modules/network/network-security-group/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/network-security-group/README.md b/modules/network/network-security-group/README.md index 306ed08855..9cc85e94be 100644 --- a/modules/network/network-security-group/README.md +++ b/modules/network/network-security-group/README.md @@ -5,10 +5,10 @@ This module deploys a Network security Group (NSG). ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -20,61 +20,28 @@ This module deploys a Network security Group (NSG). | `Microsoft.Network/networkSecurityGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkSecurityGroups) | | `Microsoft.Network/networkSecurityGroups/securityRules` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkSecurityGroups/securityRules) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Network Security Group. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `flushConnection` | bool | `False` | | When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. Network Security Group connection flushing is not available in all regions. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `securityRules` | array | `[]` | | Array of Security Rules to deploy to the Network Security Group. When not provided, an NSG including only the built-in roles will be deployed. | -| `tags` | object | `{object}` | | Tags of the NSG resource. | - +## Usage examples -## Outputs +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the network security group. | -| `resourceGroupName` | string | The resource group the network security group was deployed into. | -| `resourceId` | string | The resource ID of the network security group. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
-_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.network-security-group:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module networkSecurityGroup './network/network-security-group/main.bicep' = { +module networkSecurityGroup 'br:bicep/modules/network.network-security-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nnsgcom' params: { // Required parameters @@ -294,14 +261,17 @@ module networkSecurityGroup './network/network-security-group/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module networkSecurityGroup './network/network-security-group/main.bicep' = { +module networkSecurityGroup 'br:bicep/modules/network.network-security-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nnsgmin' params: { // Required parameters @@ -338,3 +308,143 @@ module networkSecurityGroup './network/network-security-group/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Network Security Group. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`flushConnection`](#parameter-flushconnection) | bool | When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. Network Security Group connection flushing is not available in all regions. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`securityRules`](#parameter-securityrules) | array | Array of Security Rules to deploy to the Network Security Group. When not provided, an NSG including only the built-in roles will be deployed. | +| [`tags`](#parameter-tags) | object | Tags of the NSG resource. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `flushConnection` + +When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. Network Security Group connection flushing is not available in all regions. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Network Security Group. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `securityRules` + +Array of Security Rules to deploy to the Network Security Group. When not provided, an NSG including only the built-in roles will be deployed. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the NSG resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the network security group. 
| +| `resourceGroupName` | string | The resource group the network security group was deployed into. | +| `resourceId` | string | The resource ID of the network security group. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/network-security-group/main.json b/modules/network/network-security-group/main.json index b06da3fe4f..abb0e70fca 100644 --- a/modules/network/network-security-group/main.json +++ b/modules/network/network-security-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9239709220807810810" + "version": "0.22.6.54827", + "templateHash": "8128749516786730234" }, "name": "Network Security Groups", "description": "This module deploys a Network security Group (NSG).", @@ -272,8 +272,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18244678468796534516" + "version": "0.22.6.54827", + "templateHash": "820939823450891186" }, "name": "Network Security Group (NSG) Security Rules", "description": "This module deploys a Network Security Group (NSG) Security Rule.", @@ -520,8 +520,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8259083650687909209" + "version": "0.22.6.54827", + "templateHash": "12098965438500552299" } }, "parameters": { diff --git a/modules/network/network-security-group/security-rule/README.md b/modules/network/network-security-group/security-rule/README.md index 57868287ca..bac421ca53 100644 --- a/modules/network/network-security-group/security-rule/README.md +++ b/modules/network/network-security-group/security-rule/README.md 
@@ -19,41 +19,165 @@ This module deploys a Network Security Group (NSG) Security Rule. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `direction` | string | `[Inbound, Outbound]` | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | -| `name` | string | | The name of the security rule. | -| `priority` | int | | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | -| `protocol` | string | `[*, Ah, Esp, Icmp, Tcp, Udp]` | Network protocol this rule applies to. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`direction`](#parameter-direction) | string | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | +| [`name`](#parameter-name) | string | The name of the security rule. | +| [`priority`](#parameter-priority) | int | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | +| [`protocol`](#parameter-protocol) | string | Network protocol this rule applies to. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `networkSecurityGroupName` | string | The name of the parent network security group to deploy the security rule into. Required if the template is used in a standalone deployment. | +| [`networkSecurityGroupName`](#parameter-networksecuritygroupname) | string | The name of the parent network security group to deploy the security rule into. Required if the template is used in a standalone deployment. 
| **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `access` | string | `'Deny'` | `[Allow, Deny]` | Whether network traffic is allowed or denied. | -| `description` | string | `''` | | A description for this rule. | -| `destinationAddressPrefix` | string | `''` | | The destination address prefix. CIDR or destination IP range. Asterisk "*" can also be used to match all source IPs. Default tags such as "VirtualNetwork", "AzureLoadBalancer" and "Internet" can also be used. | -| `destinationAddressPrefixes` | array | `[]` | | The destination address prefixes. CIDR or destination IP ranges. | -| `destinationApplicationSecurityGroups` | array | `[]` | | The application security group specified as destination. | -| `destinationPortRange` | string | `''` | | The destination port or range. Integer or range between 0 and 65535. Asterisk "*" can also be used to match all ports. | -| `destinationPortRanges` | array | `[]` | | The destination port ranges. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `sourceAddressPrefix` | string | `''` | | The CIDR or source IP range. Asterisk "*" can also be used to match all source IPs. Default tags such as "VirtualNetwork", "AzureLoadBalancer" and "Internet" can also be used. If this is an ingress rule, specifies where network traffic originates from. | -| `sourceAddressPrefixes` | array | `[]` | | The CIDR or source IP ranges. | -| `sourceApplicationSecurityGroups` | array | `[]` | | The application security group specified as source. | -| `sourcePortRange` | string | `''` | | The source port or range. Integer or range between 0 and 65535. Asterisk "*" can also be used to match all ports. | -| `sourcePortRanges` | array | `[]` | | The source port ranges. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`access`](#parameter-access) | string | Whether network traffic is allowed or denied. | +| [`description`](#parameter-description) | string | A description for this rule. | +| [`destinationAddressPrefix`](#parameter-destinationaddressprefix) | string | The destination address prefix. CIDR or destination IP range. Asterisk "*" can also be used to match all source IPs. Default tags such as "VirtualNetwork", "AzureLoadBalancer" and "Internet" can also be used. | +| [`destinationAddressPrefixes`](#parameter-destinationaddressprefixes) | array | The destination address prefixes. CIDR or destination IP ranges. | +| [`destinationApplicationSecurityGroups`](#parameter-destinationapplicationsecuritygroups) | array | The application security group specified as destination. | +| [`destinationPortRange`](#parameter-destinationportrange) | string | The destination port or range. Integer or range between 0 and 65535. Asterisk "*" can also be used to match all ports. | +| [`destinationPortRanges`](#parameter-destinationportranges) | array | The destination port ranges. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`sourceAddressPrefix`](#parameter-sourceaddressprefix) | string | The CIDR or source IP range. Asterisk "*" can also be used to match all source IPs. Default tags such as "VirtualNetwork", "AzureLoadBalancer" and "Internet" can also be used. If this is an ingress rule, specifies where network traffic originates from. | +| [`sourceAddressPrefixes`](#parameter-sourceaddressprefixes) | array | The CIDR or source IP ranges. | +| [`sourceApplicationSecurityGroups`](#parameter-sourceapplicationsecuritygroups) | array | The application security group specified as source. | +| [`sourcePortRange`](#parameter-sourceportrange) | string | The source port or range. Integer or range between 0 and 65535. 
Asterisk "*" can also be used to match all ports. | +| [`sourcePortRanges`](#parameter-sourceportranges) | array | The source port ranges. | + +### Parameter: `access` + +Whether network traffic is allowed or denied. +- Required: No +- Type: string +- Default: `'Deny'` +- Allowed: `[Allow, Deny]` + +### Parameter: `description` + +A description for this rule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `destinationAddressPrefix` + +The destination address prefix. CIDR or destination IP range. Asterisk "*" can also be used to match all source IPs. Default tags such as "VirtualNetwork", "AzureLoadBalancer" and "Internet" can also be used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `destinationAddressPrefixes` + +The destination address prefixes. CIDR or destination IP ranges. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `destinationApplicationSecurityGroups` + +The application security group specified as destination. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `destinationPortRange` + +The destination port or range. Integer or range between 0 and 65535. Asterisk "*" can also be used to match all ports. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `destinationPortRanges` + +The destination port ranges. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `direction` + +The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. +- Required: Yes +- Type: string +- Allowed: `[Inbound, Outbound]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the security rule. +- Required: Yes +- Type: string + +### Parameter: `networkSecurityGroupName` + +The name of the parent network security group to deploy the security rule into. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `priority` + +The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. +- Required: Yes +- Type: int + +### Parameter: `protocol` + +Network protocol this rule applies to. +- Required: Yes +- Type: string +- Allowed: `[*, Ah, Esp, Icmp, Tcp, Udp]` + +### Parameter: `sourceAddressPrefix` + +The CIDR or source IP range. Asterisk "*" can also be used to match all source IPs. Default tags such as "VirtualNetwork", "AzureLoadBalancer" and "Internet" can also be used. If this is an ingress rule, specifies where network traffic originates from. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourceAddressPrefixes` + +The CIDR or source IP ranges. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sourceApplicationSecurityGroups` + +The application security group specified as source. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sourcePortRange` + +The source port or range. Integer or range between 0 and 65535. Asterisk "*" can also be used to match all ports. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourcePortRanges` + +The source port ranges. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the security rule. | | `resourceGroupName` | string | The resource group the security rule was deployed into. | diff --git a/modules/network/network-security-group/security-rule/main.json b/modules/network/network-security-group/security-rule/main.json index f926892555..a024c862c1 100644 --- a/modules/network/network-security-group/security-rule/main.json 
+++ b/modules/network/network-security-group/security-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4767935764969237300" + "version": "0.22.6.54827", + "templateHash": "820939823450891186" }, "name": "Network Security Group (NSG) Security Rules", "description": "This module deploys a Network Security Group (NSG) Security Rule.", diff --git a/modules/network/network-watcher/.test/common/main.test.bicep b/modules/network/network-watcher/.test/common/main.test.bicep index 64e2265f18..ddc0677786 100644 --- a/modules/network/network-watcher/.test/common/main.test.bicep +++ b/modules/network/network-watcher/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/network-watcher/.test/min/main.test.bicep b/modules/network/network-watcher/.test/min/main.test.bicep index 89dee769f8..026f230ae4 100644 --- a/modules/network/network-watcher/.test/min/main.test.bicep +++ b/modules/network/network-watcher/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/network-watcher/README.md b/modules/network/network-watcher/README.md index d41d90b40b..9019a60077 100644 --- a/modules/network/network-watcher/README.md +++ b/modules/network/network-watcher/README.md 
@@ -4,13 +4,13 @@ This module deploys a Network Watcher. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
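Review bot: In the security-rule README hunk above (`@@ -19,41 +19,165`), `networkSecurityGroupName` is listed in the table under **Conditional parameters**, but its new detail section says `Required: Yes`, so the two views of the same parameter disagree. The detail section should show the conditional status (or repeat the condition next to the Required line) so that a reader who jumps to the anchor does not conclude the value is always mandatory. Also in this hunk, the `destinationAddressPrefix` description still says the asterisk can be used "to match all source IPs"; that sentence describes the source side and should say destination, with the fix made in the template description that the README is generated from.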
@@ -20,50 +20,28 @@ This module deploys a Network Watcher. | `Microsoft.Network/networkWatchers/connectionMonitors` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkWatchers/connectionMonitors) | | `Microsoft.Network/networkWatchers/flowLogs` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkWatchers/flowLogs) | -## Parameters - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `connectionMonitors` | array | `[]` | | Array that contains the Connection Monitors. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `flowLogs` | array | `[]` | | Array that contains the Flow Logs. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `name` | string | `[format('NetworkWatcher_{0}', parameters('location'))]` | | Name of the Network Watcher resource (hidden). | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. 
-## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed network watcher. | -| `resourceGroupName` | string | The resource group the network watcher was deployed into. | -| `resourceId` | string | The resource ID of the deployed network watcher. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.network-watcher:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module networkWatcher './network/network-watcher/main.bicep' = { +module networkWatcher 'br:bicep/modules/network.network-watcher:1.0.0' = { name: '${uniqueString(deployment().name, testLocation)}-test-nnwcom' params: { connectionMonitors: [ @@ -275,14 +253,17 @@ module networkWatcher './network/network-watcher/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module networkWatcher './network/network-watcher/main.bicep' = { +module networkWatcher 'br:bicep/modules/network.network-watcher:1.0.0' = { name: '${uniqueString(deployment().name, testLocation)}-test-nnwmin' params: { enableDefaultTelemetry: '' @@ -315,3 +296,90 @@ module networkWatcher './network/network-watcher/main.bicep' = {

+ + +## Parameters + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`connectionMonitors`](#parameter-connectionmonitors) | array | Array that contains the Connection Monitors. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`flowLogs`](#parameter-flowlogs) | array | Array that contains the Flow Logs. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`name`](#parameter-name) | string | Name of the Network Watcher resource (hidden). | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `connectionMonitors` + +Array that contains the Connection Monitors. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `flowLogs` + +Array that contains the Flow Logs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Network Watcher resource (hidden). 
+- Required: No +- Type: string +- Default: `[format('NetworkWatcher_{0}', parameters('location'))]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed network watcher. | +| `resourceGroupName` | string | The resource group the network watcher was deployed into. | +| `resourceId` | string | The resource ID of the deployed network watcher. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/network-watcher/connection-monitor/README.md b/modules/network/network-watcher/connection-monitor/README.md index d066d55387..efd44e1102 100644 --- a/modules/network/network-watcher/connection-monitor/README.md +++ b/modules/network/network-watcher/connection-monitor/README.md 
@@ -19,27 +19,89 @@ This module deploys a Network Watcher Connection Monitor. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the resource. | +| [`name`](#parameter-name) | string | Name of the resource. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `endpoints` | array | `[]` | List of connection monitor endpoints. | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `networkWatcherName` | string | `[format('NetworkWatcher_{0}', resourceGroup().location)]` | Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG. | -| `tags` | object | `{object}` | Tags of the resource. | -| `testConfigurations` | array | `[]` | List of connection monitor test configurations. | -| `testGroups` | array | `[]` | List of connection monitor test groups. | -| `workspaceResourceId` | string | `''` | Specify the Log Analytics Workspace Resource ID. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`endpoints`](#parameter-endpoints) | array | List of connection monitor endpoints. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`networkWatcherName`](#parameter-networkwatchername) | string | Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`testConfigurations`](#parameter-testconfigurations) | array | List of connection monitor test configurations. 
| +| [`testGroups`](#parameter-testgroups) | array | List of connection monitor test groups. | +| [`workspaceResourceId`](#parameter-workspaceresourceid) | string | Specify the Log Analytics Workspace Resource ID. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endpoints` + +List of connection monitor endpoints. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the resource. +- Required: Yes +- Type: string + +### Parameter: `networkWatcherName` + +Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG. +- Required: No +- Type: string +- Default: `[format('NetworkWatcher_{0}', resourceGroup().location)]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `testConfigurations` + +List of connection monitor test configurations. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `testGroups` + +List of connection monitor test groups. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `workspaceResourceId` + +Specify the Log Analytics Workspace Resource ID. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed connection monitor. | diff --git a/modules/network/network-watcher/connection-monitor/main.json b/modules/network/network-watcher/connection-monitor/main.json index e76438a305..c7df0ada6e 100644 --- a/modules/network/network-watcher/connection-monitor/main.json 
+++ b/modules/network/network-watcher/connection-monitor/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9435199226792787351" + "version": "0.22.6.54827", + "templateHash": "11763235795280157018" }, "name": "Network Watchers Connection Monitors", "description": "This module deploys a Network Watcher Connection Monitor.", diff --git a/modules/network/network-watcher/flow-log/README.md b/modules/network/network-watcher/flow-log/README.md index 0dacbbb823..1afef915fc 100644 --- a/modules/network/network-watcher/flow-log/README.md +++ b/modules/network/network-watcher/flow-log/README.md @@ -5,12 +5,12 @@ This module controls the Network Security Group Flow Logs and analytics settings ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
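Review bot: in modules/network/network-watcher/connection-monitor/README.md the `networkWatcherName` description still reads "Must be in the resource group where the Flow log will be created and same region as the NSG", both in the table row and in the new `### Parameter: networkWatcherName` section, which is flow-log wording carried into a connection monitor module. Since the ReadMe is generated from the template, correct the parameter's description in the module template and regenerate rather than editing the README by hand.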
@@ -20,30 +20,114 @@ This module controls the Network Security Group Flow Logs and analytics settings **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `storageId` | string | Resource ID of the diagnostic storage account. | -| `targetResourceId` | string | Resource ID of the NSG that must be enabled for Flow Logs. | +| [`storageId`](#parameter-storageid) | string | Resource ID of the diagnostic storage account. | +| [`targetResourceId`](#parameter-targetresourceid) | string | Resource ID of the NSG that must be enabled for Flow Logs. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enabled` | bool | `True` | | If the flow log should be enabled. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `formatVersion` | int | `2` | `[1, 2]` | The flow log format version. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `name` | string | `[format('{0}-{1}-flowlog', last(split(parameters('targetResourceId'), '/')), split(parameters('targetResourceId'), '/')[4])]` | | Name of the resource. | -| `networkWatcherName` | string | `[format('NetworkWatcher_{0}', resourceGroup().location)]` | | Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG. | -| `retentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `trafficAnalyticsInterval` | int | `60` | `[10, 60]` | The interval in minutes which would decide how frequently TA service should do flow analytics. | -| `workspaceResourceId` | string | `''` | | Specify the Log Analytics Workspace Resource ID. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enabled`](#parameter-enabled) | bool | If the flow log should be enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`formatVersion`](#parameter-formatversion) | int | The flow log format version. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`name`](#parameter-name) | string | Name of the resource. | +| [`networkWatcherName`](#parameter-networkwatchername) | string | Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG. | +| [`retentionInDays`](#parameter-retentionindays) | int | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`trafficAnalyticsInterval`](#parameter-trafficanalyticsinterval) | int | The interval in minutes which would decide how frequently TA service should do flow analytics. | +| [`workspaceResourceId`](#parameter-workspaceresourceid) | string | Specify the Log Analytics Workspace Resource ID. | + +### Parameter: `enabled` + +If the flow log should be enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `formatVersion` + +The flow log format version. +- Required: No +- Type: int +- Default: `2` +- Allowed: `[1, 2]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the resource. 
+- Required: No +- Type: string +- Default: `[format('{0}-{1}-flowlog', last(split(parameters('targetResourceId'), '/')), split(parameters('targetResourceId'), '/')[4])]` + +### Parameter: `networkWatcherName` + +Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG. +- Required: No +- Type: string +- Default: `[format('NetworkWatcher_{0}', resourceGroup().location)]` + +### Parameter: `retentionInDays` + +Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. +- Required: No +- Type: int +- Default: `365` + +### Parameter: `storageId` + +Resource ID of the diagnostic storage account. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `targetResourceId` + +Resource ID of the NSG that must be enabled for Flow Logs. +- Required: Yes +- Type: string + +### Parameter: `trafficAnalyticsInterval` + +The interval in minutes which would decide how frequently TA service should do flow analytics. +- Required: No +- Type: int +- Default: `60` +- Allowed: `[10, 60]` + +### Parameter: `workspaceResourceId` + +Specify the Log Analytics Workspace Resource ID. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the flow log. | diff --git a/modules/network/network-watcher/flow-log/main.json b/modules/network/network-watcher/flow-log/main.json index 1a9023a4ba..0d737f5dce 100644 --- a/modules/network/network-watcher/flow-log/main.json +++ b/modules/network/network-watcher/flow-log/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11308204478162486459" + "version": "0.22.6.54827", + "templateHash": "17949647288095694070" }, "name": "NSG Flow Logs", "description": "This module controls the Network Security Group Flow Logs and analytics settings.\r\n**Note: this module must be run on the Resource Group where Network Watcher is deployed**", diff --git a/modules/network/network-watcher/main.json b/modules/network/network-watcher/main.json index 076bf236c0..7d746b120d 100644 --- a/modules/network/network-watcher/main.json +++ b/modules/network/network-watcher/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3813984795397304605" + "version": "0.22.6.54827", + "templateHash": "3515911577845014451" }, "name": "Network Watchers", "description": "This module deploys a Network Watcher.", @@ -149,8 +149,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4655888316956810002" + "version": "0.22.6.54827", + "templateHash": "9894011822541177112" } }, "parameters": { @@ -326,8 +326,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4201838654770127390" + "version": "0.22.6.54827", + "templateHash": "11763235795280157018" }, "name": "Network Watchers Connection Monitors", "description": "This module deploys a Network Watcher Connection Monitor.", @@ -505,8 +505,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11547142807846840674" + "version": "0.22.6.54827", + "templateHash": "17949647288095694070" }, "name": "NSG Flow Logs", "description": "This module controls the Network Security Group Flow Logs and analytics settings.\r\n**Note: this module must be run on the Resource Group where Network Watcher is deployed**", 
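Review bot: the removed `_generator` lines show that the committed ARM JSON had drifted. This file was built with 0.21.1.54444 while connection-monitor/main.json and flow-log/main.json were at 0.20.4.51522, and the nested `templateHash` values here (4201838654770127390, 11547142807846840674) did not match the children's own files (9435199226792787351, 11308204478162486459). After this change they agree (11763235795280157018 and 17949647288095694070 in both places), so consider a CI step that rebuilds each main.json with a pinned Bicep version and fails when the result differs from what is committed, so that reviewers can rely on the JSON matching the Bicep source.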
diff --git a/modules/network/private-dns-zone/.test/common/main.test.bicep b/modules/network/private-dns-zone/.test/common/main.test.bicep index 175acecf7f..d3e5ad38db 100644 --- a/modules/network/private-dns-zone/.test/common/main.test.bicep +++ b/modules/network/private-dns-zone/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/private-dns-zone/.test/min/main.test.bicep b/modules/network/private-dns-zone/.test/min/main.test.bicep index f32a389c03..db60e58143 100644 --- a/modules/network/private-dns-zone/.test/min/main.test.bicep +++ b/modules/network/private-dns-zone/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/private-dns-zone/README.md b/modules/network/private-dns-zone/README.md index a6d1f62e04..54fc9873d1 100644 --- a/modules/network/private-dns-zone/README.md +++ b/modules/network/private-dns-zone/README.md @@ -4,13 +4,13 @@ This module deploys a Private DNS zone. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -27,62 +27,28 @@ This module deploys a Private DNS zone. | `Microsoft.Network/privateDnsZones/TXT` | [2020-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/TXT) | | `Microsoft.Network/privateDnsZones/virtualNetworkLinks` | [2020-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/virtualNetworkLinks) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Private DNS zone name. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.private-dns-zone:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `a` | _[a](a/README.md)_ array | `[]` | | Array of A records. | -| `aaaa` | _[aaaa](aaaa/README.md)_ array | `[]` | | Array of AAAA records. | -| `cname` | _[cname](cname/README.md)_ array | `[]` | | Array of CNAME records. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `'global'` | | The location of the PrivateDNSZone. Should be global. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `mx` | _[mx](mx/README.md)_ array | `[]` | | Array of MX records. | -| `ptr` | _[ptr](ptr/README.md)_ array | `[]` | | Array of PTR records. 
| -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `soa` | _[soa](soa/README.md)_ array | `[]` | | Array of SOA records. | -| `srv` | _[srv](srv/README.md)_ array | `[]` | | Array of SRV records. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `txt` | _[txt](txt/README.md)_ array | `[]` | | Array of TXT records. | -| `virtualNetworkLinks` | array | `[]` | | Array of custom objects describing vNet links of the DNS zone. Each object should contain properties 'vnetResourceId' and 'registrationEnabled'. The 'vnetResourceId' is a resource ID of a vNet to link, 'registrationEnabled' (bool) enables automatic DNS registration in the zone for the linked vNet. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the private DNS zone. | -| `resourceGroupName` | string | The resource group the private DNS zone was deployed into. | -| `resourceId` | string | The resource ID of the private DNS zone. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
- - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module privateDnsZone './network/private-dns-zone/main.bicep' = { +module privateDnsZone 'br:bicep/modules/network.private-dns-zone:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-npdzcom' params: { // Required parameters @@ -504,14 +470,17 @@ module privateDnsZone './network/private-dns-zone/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module privateDnsZone './network/private-dns-zone/main.bicep' = { +module privateDnsZone 'br:bicep/modules/network.private-dns-zone:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-npdzmin' params: { // Required parameters @@ -548,3 +517,150 @@ module privateDnsZone './network/private-dns-zone/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Private DNS zone name. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`a`](#parameter-a) | array | Array of A records. | +| [`aaaa`](#parameter-aaaa) | array | Array of AAAA records. | +| [`cname`](#parameter-cname) | array | Array of CNAME records. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | The location of the PrivateDNSZone. Should be global. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`mx`](#parameter-mx) | array | Array of MX records. | +| [`ptr`](#parameter-ptr) | array | Array of PTR records. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`soa`](#parameter-soa) | array | Array of SOA records. | +| [`srv`](#parameter-srv) | array | Array of SRV records. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`txt`](#parameter-txt) | array | Array of TXT records. | +| [`virtualNetworkLinks`](#parameter-virtualnetworklinks) | array | Array of custom objects describing vNet links of the DNS zone. Each object should contain properties 'vnetResourceId' and 'registrationEnabled'. The 'vnetResourceId' is a resource ID of a vNet to link, 'registrationEnabled' (bool) enables automatic DNS registration in the zone for the linked vNet. | + +### Parameter: `a` + +Array of A records. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `aaaa` + +Array of AAAA records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `cname` + +Array of CNAME records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +The location of the PrivateDNSZone. Should be global. +- Required: No +- Type: string +- Default: `'global'` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `mx` + +Array of MX records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +Private DNS zone name. +- Required: Yes +- Type: string + +### Parameter: `ptr` + +Array of PTR records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `soa` + +Array of SOA records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `srv` + +Array of SRV records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `txt` + +Array of TXT records. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `virtualNetworkLinks` + +Array of custom objects describing vNet links of the DNS zone. 
Each object should contain properties 'vnetResourceId' and 'registrationEnabled'. The 'vnetResourceId' is a resource ID of a vNet to link, 'registrationEnabled' (bool) enables automatic DNS registration in the zone for the linked vNet. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the private DNS zone. | +| `resourceGroupName` | string | The resource group the private DNS zone was deployed into. | +| `resourceId` | string | The resource ID of the private DNS zone. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/private-dns-zone/a/README.md b/modules/network/private-dns-zone/a/README.md index 54ae836063..c3368e5187 100644 --- a/modules/network/private-dns-zone/a/README.md +++ b/modules/network/private-dns-zone/a/README.md 
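Review bot: in modules/network/private-dns-zone/README.md the note and both examples now use `br:bicep/modules/network.private-dns-zone:1.0.0`, which puts `bicep` in the position where a `br:` reference expects the registry and hardcodes version `1.0.0` into generated text. Reword the note to say that the registry and version are placeholders to substitute (for example `br:<registry>/bicep/modules/network.private-dns-zone:<version>`), so that nobody copies the reference as written into a deployment and pulls from whatever happens to resolve.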
@@ -20,30 +20,77 @@ This module deploys a Private DNS Zone A record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the A record. | +| [`name`](#parameter-name) | string | The name of the A record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | +| [`privateDnsZoneName`](#parameter-privatednszonename) | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `aRecords` | array | `[]` | The list of A records in the record set. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`aRecords`](#parameter-arecords) | array | The list of A records in the record set. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `aRecords` + +The list of A records in the record set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the A record. +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. +- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed A record. 
| | `resourceGroupName` | string | The resource group of the deployed A record. | diff --git a/modules/network/private-dns-zone/a/main.json b/modules/network/private-dns-zone/a/main.json index 413cc464b5..a6c913362e 100644 --- a/modules/network/private-dns-zone/a/main.json +++ b/modules/network/private-dns-zone/a/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2464749993448285338" + "version": "0.22.6.54827", + "templateHash": "3286674755199812485" }, "name": "Private DNS Zone A record", "description": "This module deploys a Private DNS Zone A record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16462248861146180112" + "version": "0.22.6.54827", + "templateHash": "13885309482367640092" } }, "parameters": { diff --git a/modules/network/private-dns-zone/aaaa/README.md b/modules/network/private-dns-zone/aaaa/README.md index 10dbc0d92d..8519032b83 100644 --- a/modules/network/private-dns-zone/aaaa/README.md +++ b/modules/network/private-dns-zone/aaaa/README.md 
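Review bot: in modules/network/private-dns-zone/a/README.md `privateDnsZoneName` is listed under **Conditional parameters** ("Required if the template is used in a standalone deployment"), but its generated detail section says `- Required: Yes`, so two parts of the same ReadMe disagree. Have the generator emit a distinct value for conditional parameters, or leave the `Required` bullet out for them; the same output appears in the aaaa ReadMe that follows.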
@@ -20,30 +20,77 @@ This module deploys a Private DNS Zone AAAA record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the AAAA record. | +| [`name`](#parameter-name) | string | The name of the AAAA record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | +| [`privateDnsZoneName`](#parameter-privatednszonename) | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `aaaaRecords` | array | `[]` | The list of AAAA records in the record set. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`aaaaRecords`](#parameter-aaaarecords) | array | The list of AAAA records in the record set. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `aaaaRecords` + +The list of AAAA records in the record set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the AAAA record. +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. 
+- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed AAAA record. | | `resourceGroupName` | string | The resource group of the deployed AAAA record. | diff --git a/modules/network/private-dns-zone/aaaa/main.json b/modules/network/private-dns-zone/aaaa/main.json index 506b619a23..5d0169ad3e 100644 --- a/modules/network/private-dns-zone/aaaa/main.json +++ b/modules/network/private-dns-zone/aaaa/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2479547994885250676" + "version": "0.22.6.54827", + "templateHash": "17200265918515224034" }, "name": "Private DNS Zone AAAA record", "description": "This module deploys a Private DNS Zone AAAA record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8284082844313029952" + "version": "0.22.6.54827", + "templateHash": "370590810970469037" } }, "parameters": { diff --git a/modules/network/private-dns-zone/cname/README.md b/modules/network/private-dns-zone/cname/README.md index 274c08ff98..258427ccc4 100644 --- a/modules/network/private-dns-zone/cname/README.md +++ b/modules/network/private-dns-zone/cname/README.md 
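Review bot: In the `aaaa/README.md` hunk, the generated `### Parameter: privateDnsZoneName` section states `- Required: Yes`, which contradicts the same hunk: the parameter is listed under **Conditional parameters**, and its description says it is required only if the template is used in a standalone deployment. A reader who jumps to the section through the new `#parameter-privatednszonename` link sees only the unconditional "Yes". Suggest that the generator emit a distinct value for conditional parameters (for example `- Required: Conditional`) or drop the line and let the description carry the condition. The same generated text appears in the other record-type READMEs in this patch, so fixing it in the generator covers all of them.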
@@ -20,30 +20,77 @@ This module deploys a Private DNS Zone CNAME record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the CNAME record. | +| [`name`](#parameter-name) | string | The name of the CNAME record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | +| [`privateDnsZoneName`](#parameter-privatednszonename) | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cnameRecord` | object | `{object}` | A CNAME record. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cnameRecord`](#parameter-cnamerecord) | object | A CNAME record. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `cnameRecord` + +A CNAME record. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the CNAME record. +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. +- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed CNAME record. 
| | `resourceGroupName` | string | The resource group of the deployed CNAME record. | diff --git a/modules/network/private-dns-zone/cname/main.json b/modules/network/private-dns-zone/cname/main.json index ac82b9556b..a5b1b40592 100644 --- a/modules/network/private-dns-zone/cname/main.json +++ b/modules/network/private-dns-zone/cname/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3131685819107198557" + "version": "0.22.6.54827", + "templateHash": "1218346372201244802" }, "name": "Private DNS Zone CNAME record", "description": "This module deploys a Private DNS Zone CNAME record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14977392232463085529" + "version": "0.22.6.54827", + "templateHash": "3701509590842402185" } }, "parameters": { diff --git a/modules/network/private-dns-zone/main.json b/modules/network/private-dns-zone/main.json index 67a605e5c0..575b535727 100644 --- a/modules/network/private-dns-zone/main.json +++ b/modules/network/private-dns-zone/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13683700730440109473" + "version": "0.22.6.54827", + "templateHash": "7094231343264488816" }, "name": "Private DNS Zones", "description": "This module deploys a Private DNS zone.", @@ -195,8 +195,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3023625235674916080" + "version": "0.22.6.54827", + "templateHash": "3286674755199812485" }, "name": "Private DNS Zone A record", "description": "This module deploys a Private DNS Zone A record.", @@ -310,8 +310,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3091185834162670777" + "version": "0.22.6.54827", + "templateHash": "13885309482367640092" } }, "parameters": { 
@@ -517,8 +517,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9619664849560898729" + "version": "0.22.6.54827", + "templateHash": "17200265918515224034" }, "name": "Private DNS Zone AAAA record", "description": "This module deploys a Private DNS Zone AAAA record.", @@ -632,8 +632,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16612032211561905990" + "version": "0.22.6.54827", + "templateHash": "370590810970469037" } }, "parameters": { @@ -839,8 +839,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18350416636780213220" + "version": "0.22.6.54827", + "templateHash": "1218346372201244802" }, "name": "Private DNS Zone CNAME record", "description": "This module deploys a Private DNS Zone CNAME record.", @@ -954,8 +954,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12449188823441255969" + "version": "0.22.6.54827", + "templateHash": "3701509590842402185" } }, "parameters": { @@ -1167,8 +1167,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5407325770336305290" + "version": "0.22.6.54827", + "templateHash": "498719698216860438" }, "name": "Private DNS Zone MX record", "description": "This module deploys a Private DNS Zone MX record.", @@ -1282,8 +1282,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5166139968688256157" + "version": "0.22.6.54827", + "templateHash": "3875667684091614842" } }, "parameters": { @@ -1489,8 +1489,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7429124351513910459" + "version": "0.22.6.54827", + "templateHash": "15278019758073479253" }, "name": "Private DNS Zone PTR record", "description": "This module deploys a Private DNS Zone PTR record.", 
@@ -1604,8 +1604,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9774124555582341628" + "version": "0.22.6.54827", + "templateHash": "1115653551360161833" } }, "parameters": { @@ -1811,8 +1811,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6237133824894088471" + "version": "0.22.6.54827", + "templateHash": "2312801328936888366" }, "name": "Private DNS Zone SOA record", "description": "This module deploys a Private DNS Zone SOA record.", @@ -1926,8 +1926,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13019341765980531210" + "version": "0.22.6.54827", + "templateHash": "7407904296801266090" } }, "parameters": { @@ -2133,8 +2133,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8022373880556162081" + "version": "0.22.6.54827", + "templateHash": "5952665052269893806" }, "name": "Private DNS Zone SRV record", "description": "This module deploys a Private DNS Zone SRV record.", @@ -2248,8 +2248,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18406157225832506146" + "version": "0.22.6.54827", + "templateHash": "7603100820795358011" } }, "parameters": { @@ -2455,8 +2455,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9882979825935476673" + "version": "0.22.6.54827", + "templateHash": "1124215030878784014" }, "name": "Private DNS Zone TXT record", "description": "This module deploys a Private DNS Zone TXT record.", @@ -2570,8 +2570,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3370209117297708556" + "version": "0.22.6.54827", + "templateHash": "16791864516622438253" } }, "parameters": { 
@@ -2777,8 +2777,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2352064432983921161" + "version": "0.22.6.54827", + "templateHash": "12342244725180262876" }, "name": "Private DNS Zone Virtual Network Link", "description": "This module deploys a Private DNS Zone Virtual Network Link.", @@ -2932,8 +2932,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13504974986686820957" + "version": "0.22.6.54827", + "templateHash": "2044377995221762227" } }, "parameters": { diff --git a/modules/network/private-dns-zone/mx/README.md b/modules/network/private-dns-zone/mx/README.md index 2e235dc3a0..66a893a225 100644 --- a/modules/network/private-dns-zone/mx/README.md +++ b/modules/network/private-dns-zone/mx/README.md 
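Review bot: The `_generator` hunks in `private-dns-zone/main.json` move the nested templates from Bicep `0.21.1.54444` to `0.22.6.54827`, while the child `main.json` files in this patch move from `0.20.4.51522`, so until now the committed parent and child builds came from different compiler versions and their `templateHash` values could not be compared. After this change they line up (the AAAA record shows `17200265918515224034` in both `aaaa/main.json` and the nested copy here). That property is worth keeping: please name the Bicep version used in the PR description, and consider a pipeline check that rebuilds each `main.json` with that version and fails on any difference, so a hand-edited or stale compiled template cannot pass review hidden among generated churn like this.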
@@ -20,30 +20,77 @@ This module deploys a Private DNS Zone MX record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the MX record. | +| [`name`](#parameter-name) | string | The name of the MX record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | +| [`privateDnsZoneName`](#parameter-privatednszonename) | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `mxRecords` | array | `[]` | The list of MX records in the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. 
| +| [`mxRecords`](#parameter-mxrecords) | array | The list of MX records in the record set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `mxRecords` + +The list of MX records in the record set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The name of the MX record. +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. 
+- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed MX record. | | `resourceGroupName` | string | The resource group of the deployed MX record. | diff --git a/modules/network/private-dns-zone/mx/main.json b/modules/network/private-dns-zone/mx/main.json index 418f721f60..1e0f858136 100644 --- a/modules/network/private-dns-zone/mx/main.json +++ b/modules/network/private-dns-zone/mx/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6965287962374254577" + "version": "0.22.6.54827", + "templateHash": "498719698216860438" }, "name": "Private DNS Zone MX record", "description": "This module deploys a Private DNS Zone MX record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11594799085721281275" + "version": "0.22.6.54827", + "templateHash": "3875667684091614842" } }, "parameters": { diff --git a/modules/network/private-dns-zone/ptr/README.md b/modules/network/private-dns-zone/ptr/README.md index 1af2199b1e..f680fea464 100644 --- a/modules/network/private-dns-zone/ptr/README.md +++ b/modules/network/private-dns-zone/ptr/README.md 
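Review bot: In the `mx/README.md` hunk, the new `### Parameter: metadata` section carries over `- Default: `{object}`` from the old table. That is a placeholder, not a value, so the section does not say what is deployed when the parameter is omitted. The per-parameter layout now has room for the real default, so the generator could render the actual object (or `{}` if it is empty). Smaller point in the same hunk: `enableDefaultTelemetry` shows `- Default: `True``, which is PowerShell casing; the Bicep literal is `true`, and printing it that way keeps copy-pasted values valid.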
@@ -20,30 +20,77 @@ This module deploys a Private DNS Zone PTR record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the PTR record. | +| [`name`](#parameter-name) | string | The name of the PTR record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | +| [`privateDnsZoneName`](#parameter-privatednszonename) | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `ptrRecords` | array | `[]` | The list of PTR records in the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. 
| +| [`ptrRecords`](#parameter-ptrrecords) | array | The list of PTR records in the record set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the PTR record. +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `ptrRecords` + +The list of PTR records in the record set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. 
+- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed PTR record. | | `resourceGroupName` | string | The resource group of the deployed PTR record. | diff --git a/modules/network/private-dns-zone/ptr/main.json b/modules/network/private-dns-zone/ptr/main.json index 06a5084efd..fd96b1c0b3 100644 --- a/modules/network/private-dns-zone/ptr/main.json +++ b/modules/network/private-dns-zone/ptr/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13259276818307387958" + "version": "0.22.6.54827", + "templateHash": "15278019758073479253" }, "name": "Private DNS Zone PTR record", "description": "This module deploys a Private DNS Zone PTR record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11481493487541604106" + "version": "0.22.6.54827", + "templateHash": "1115653551360161833" } }, "parameters": { diff --git a/modules/network/private-dns-zone/soa/README.md b/modules/network/private-dns-zone/soa/README.md index d67c893c38..67fd6e00e6 100644 --- a/modules/network/private-dns-zone/soa/README.md +++ b/modules/network/private-dns-zone/soa/README.md 
@@ -20,30 +20,77 @@ This module deploys a Private DNS Zone SOA record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the SOA record. | +| [`name`](#parameter-name) | string | The name of the SOA record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | +| [`privateDnsZoneName`](#parameter-privatednszonename) | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `soaRecord` | object | `{object}` | A SOA record. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`soaRecord`](#parameter-soarecord) | object | A SOA record. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the SOA record. +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `soaRecord` + +A SOA record. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. 
+- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed SOA record. | | `resourceGroupName` | string | The resource group of the deployed SOA record. | diff --git a/modules/network/private-dns-zone/soa/main.json b/modules/network/private-dns-zone/soa/main.json index e3427de316..0cb2fbaa4c 100644 --- a/modules/network/private-dns-zone/soa/main.json +++ b/modules/network/private-dns-zone/soa/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1534736495493771844" + "version": "0.22.6.54827", + "templateHash": "2312801328936888366" }, "name": "Private DNS Zone SOA record", "description": "This module deploys a Private DNS Zone SOA record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13036989829941135965" + "version": "0.22.6.54827", + "templateHash": "7407904296801266090" } }, "parameters": { diff --git a/modules/network/private-dns-zone/srv/README.md b/modules/network/private-dns-zone/srv/README.md index fbddcefda1..9fddfb9099 100644 --- a/modules/network/private-dns-zone/srv/README.md +++ b/modules/network/private-dns-zone/srv/README.md 
@@ -20,30 +20,77 @@ This module deploys a Private DNS Zone SRV record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the SRV record. | +| [`name`](#parameter-name) | string | The name of the SRV record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | +| [`privateDnsZoneName`](#parameter-privatednszonename) | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `srvRecords` | array | `[]` | The list of SRV records in the record set. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`srvRecords`](#parameter-srvrecords) | array | The list of SRV records in the record set. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the SRV record. +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `srvRecords` + +The list of SRV records in the record set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. 
+- Required: No +- Type: int +- Default: `3600` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed SRV record. | | `resourceGroupName` | string | The resource group of the deployed SRV record. | diff --git a/modules/network/private-dns-zone/srv/main.json b/modules/network/private-dns-zone/srv/main.json index f52d859ff7..0380f2b5a4 100644 --- a/modules/network/private-dns-zone/srv/main.json +++ b/modules/network/private-dns-zone/srv/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6444239705368252849" + "version": "0.22.6.54827", + "templateHash": "5952665052269893806" }, "name": "Private DNS Zone SRV record", "description": "This module deploys a Private DNS Zone SRV record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17805809595422297514" + "version": "0.22.6.54827", + "templateHash": "7603100820795358011" } }, "parameters": { diff --git a/modules/network/private-dns-zone/txt/README.md b/modules/network/private-dns-zone/txt/README.md index 62fe57a009..10472d8fbd 100644 --- a/modules/network/private-dns-zone/txt/README.md +++ b/modules/network/private-dns-zone/txt/README.md 
@@ -20,30 +20,77 @@ This module deploys a Private DNS Zone TXT record. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the TXT record. | +| [`name`](#parameter-name) | string | The name of the TXT record. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | +| [`privateDnsZoneName`](#parameter-privatednszonename) | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | -| `txtRecords` | array | `[]` | The list of TXT records in the record set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`metadata`](#parameter-metadata) | object | The metadata attached to the record set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +| [`txtRecords`](#parameter-txtrecords) | array | The list of TXT records in the record set. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +The metadata attached to the record set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the TXT record. +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ttl` + +The TTL (time-to-live) of the records in the record set. +- Required: No +- Type: int +- Default: `3600` + +### Parameter: `txtRecords` + +The list of TXT records in the record set. 
+- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed TXT record. | | `resourceGroupName` | string | The resource group of the deployed TXT record. | diff --git a/modules/network/private-dns-zone/txt/main.json b/modules/network/private-dns-zone/txt/main.json index 9bc41b0ee0..49da878984 100644 --- a/modules/network/private-dns-zone/txt/main.json +++ b/modules/network/private-dns-zone/txt/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11503781556355030458" + "version": "0.22.6.54827", + "templateHash": "1124215030878784014" }, "name": "Private DNS Zone TXT record", "description": "This module deploys a Private DNS Zone TXT record.", @@ -119,8 +119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9559644743323745935" + "version": "0.22.6.54827", + "templateHash": "16791864516622438253" } }, "parameters": { diff --git a/modules/network/private-dns-zone/virtual-network-link/README.md b/modules/network/private-dns-zone/virtual-network-link/README.md index 44f61227f6..b745342815 100644 --- a/modules/network/private-dns-zone/virtual-network-link/README.md +++ b/modules/network/private-dns-zone/virtual-network-link/README.md 
@@ -19,30 +19,77 @@ This module deploys a Private DNS Zone Virtual Network Link. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `virtualNetworkResourceId` | string | Link to another virtual network resource ID. | +| [`virtualNetworkResourceId`](#parameter-virtualnetworkresourceid) | string | Link to another virtual network resource ID. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | +| [`privateDnsZoneName`](#parameter-privatednszonename) | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `'global'` | The location of the PrivateDNSZone. Should be global. | -| `name` | string | `[format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/')))]` | The name of the virtual network link. | -| `registrationEnabled` | bool | `False` | Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled?. | -| `tags` | object | `{object}` | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | The location of the PrivateDNSZone. Should be global. | +| [`name`](#parameter-name) | string | The name of the virtual network link. 
| +| [`registrationEnabled`](#parameter-registrationenabled) | bool | Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled?. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +The location of the PrivateDNSZone. Should be global. +- Required: No +- Type: string +- Default: `'global'` + +### Parameter: `name` + +The name of the virtual network link. +- Required: No +- Type: string +- Default: `[format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/')))]` + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `registrationEnabled` + +Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled?. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualNetworkResourceId` + +Link to another virtual network resource ID. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed virtual network link. | diff --git a/modules/network/private-dns-zone/virtual-network-link/main.json b/modules/network/private-dns-zone/virtual-network-link/main.json index 7d0bc4e594..51d922b079 100644 --- a/modules/network/private-dns-zone/virtual-network-link/main.json +++ b/modules/network/private-dns-zone/virtual-network-link/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8504562326898440676" + "version": "0.22.6.54827", + "templateHash": "12342244725180262876" }, "name": "Private DNS Zone Virtual Network Link", "description": "This module deploys a Private DNS Zone Virtual Network Link.", diff --git a/modules/network/private-endpoint/.test/common/main.test.bicep b/modules/network/private-endpoint/.test/common/main.test.bicep index 548ffb6f74..856807277f 100644 --- a/modules/network/private-endpoint/.test/common/main.test.bicep +++ b/modules/network/private-endpoint/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/private-endpoint/.test/min/main.test.bicep b/modules/network/private-endpoint/.test/min/main.test.bicep index f858091d54..6d5c80f1b3 100644 --- a/modules/network/private-endpoint/.test/min/main.test.bicep +++ b/modules/network/private-endpoint/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/private-endpoint/README.md b/modules/network/private-endpoint/README.md index 86ea2dc1c5..241b1e441a 100644 --- a/modules/network/private-endpoint/README.md +++ b/modules/network/private-endpoint/README.md 
@@ -4,13 +4,13 @@ This module deploys a Private Endpoint. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
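Review bot: heading casing in the Navigation list is now inconsistent, since `Resource Types` becomes title-cased while the added `Usage examples` entry and the unchanged `Cross-referenced modules` entry stay sentence-cased. The link fragments carry the same mix (`#Resource-Types` next to `#Usage-examples`). Because this README is generated, I would settle on one casing in the generator and emit the fragments in the lower-case form the heading anchors resolve to, so the navigation does not depend on a case-insensitive renderer.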
@@ -19,62 +19,28 @@ This module deploys a Private Endpoint. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `groupIds` | array | Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to. | -| `name` | string | Name of the private endpoint resource to create. | -| `serviceResourceId` | string | Resource ID of the resource that needs to be connected to the network. | -| `subnetResourceId` | string | Resource ID of the subnet where the endpoint needs to be created. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.private-endpoint:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `applicationSecurityGroups` | array | `[]` | | Application security groups in which the private endpoint IP configuration is included. | -| `customDnsConfigs` | array | `[]` | | Custom DNS configurations. | -| `customNetworkInterfaceName` | string | `''` | | The custom name of the network interface attached to the private endpoint. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `ipConfigurations` | array | `[]` | | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `manualPrivateLinkServiceConnections` | array | `[]` | | Manual PrivateLink Service Connections. | -| `privateDnsZoneGroup` | _[privateDnsZoneGroup](private-dns-zone-group/README.md)_ object | `{object}` | | The private DNS zone group configuration used to associate the private endpoint with one or multiple private DNS zones. A DNS zone group can support up to 5 DNS zones. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags to be applied on all resources/resource groups in this deployment. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the private endpoint. | -| `resourceGroupName` | string | The resource group the private endpoint was deployed into. | -| `resourceId` | string | The resource ID of the private endpoint. 
| - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module privateEndpoint './network/private-endpoint/main.bicep' = { +module privateEndpoint 'br:bicep/modules/network.private-endpoint:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-npecom' params: { // Required parameters @@ -214,14 +180,17 @@ module privateEndpoint './network/private-endpoint/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module privateEndpoint './network/private-endpoint/main.bicep' = { +module privateEndpoint 'br:bicep/modules/network.private-endpoint:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-npemin' params: { // Required parameters @@ -274,3 +243,147 @@ module privateEndpoint './network/private-endpoint/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`groupIds`](#parameter-groupids) | array | Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to. | +| [`name`](#parameter-name) | string | Name of the private endpoint resource to create. | +| [`serviceResourceId`](#parameter-serviceresourceid) | string | Resource ID of the resource that needs to be connected to the network. | +| [`subnetResourceId`](#parameter-subnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroups`](#parameter-applicationsecuritygroups) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-customdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-customnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ipConfigurations`](#parameter-ipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-manualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`privateDnsZoneGroup`](#parameter-privatednszonegroup) | object | The private DNS zone group configuration used to associate the private endpoint with one or multiple private DNS zones. A DNS zone group can support up to 5 DNS zones. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags to be applied on all resources/resource groups in this deployment. | + +### Parameter: `applicationSecurityGroups` + +Application security groups in which the private endpoint IP configuration is included. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `customDnsConfigs` + +Custom DNS configurations. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `customNetworkInterfaceName` + +The custom name of the network interface attached to the private endpoint. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `groupIds` + +Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to. +- Required: Yes +- Type: array + +### Parameter: `ipConfigurations` + +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `manualPrivateLinkServiceConnections` + +Manual PrivateLink Service Connections. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +Name of the private endpoint resource to create. +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneGroup` + +The private DNS zone group configuration used to associate the private endpoint with one or multiple private DNS zones. A DNS zone group can support up to 5 DNS zones. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceResourceId` + +Resource ID of the resource that needs to be connected to the network. +- Required: Yes +- Type: string + +### Parameter: `subnetResourceId` + +Resource ID of the subnet where the endpoint needs to be created. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags to be applied on all resources/resource groups in this deployment. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the private endpoint. | +| `resourceGroupName` | string | The resource group the private endpoint was deployed into. | +| `resourceId` | string | The resource ID of the private endpoint. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/private-endpoint/main.json b/modules/network/private-endpoint/main.json index ec5e636ac3..afc81174b1 100644 --- a/modules/network/private-endpoint/main.json +++ b/modules/network/private-endpoint/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -204,8 +204,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -342,8 +342,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/network/private-endpoint/private-dns-zone-group/README.md b/modules/network/private-endpoint/private-dns-zone-group/README.md index e1d46b8986..2aebf21298 100644 --- a/modules/network/private-endpoint/private-dns-zone-group/README.md +++ b/modules/network/private-endpoint/private-dns-zone-group/README.md 
@@ -19,27 +19,53 @@ This module deploys a Private Endpoint Private DNS Zone Group. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `privateDNSResourceIds` | array | Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones. | +| [`privateDNSResourceIds`](#parameter-privatednsresourceids) | array | Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `privateEndpointName` | string | The name of the parent private endpoint. Required if the template is used in a standalone deployment. | +| [`privateEndpointName`](#parameter-privateendpointname) | string | The name of the parent private endpoint. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `'default'` | The name of the private DNS zone group. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the private DNS zone group. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the private DNS zone group. +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `privateDNSResourceIds` + +Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones. 
+- Required: Yes +- Type: array + +### Parameter: `privateEndpointName` + +The name of the parent private endpoint. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the private endpoint DNS zone group. | | `resourceGroupName` | string | The resource group the private endpoint DNS zone group was deployed into. | diff --git a/modules/network/private-endpoint/private-dns-zone-group/main.json b/modules/network/private-endpoint/private-dns-zone-group/main.json index 93baa64a6d..a631f45296 100644 --- a/modules/network/private-endpoint/private-dns-zone-group/main.json +++ b/modules/network/private-endpoint/private-dns-zone-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17831763001460207830" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", diff --git a/modules/network/private-link-service/.test/common/main.test.bicep b/modules/network/private-link-service/.test/common/main.test.bicep index 76599c870e..2566dda08b 100644 --- a/modules/network/private-link-service/.test/common/main.test.bicep +++ b/modules/network/private-link-service/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/private-link-service/.test/min/main.test.bicep b/modules/network/private-link-service/.test/min/main.test.bicep index 7e1e9580f8..d56543c89b 100644 --- a/modules/network/private-link-service/.test/min/main.test.bicep 
+++ b/modules/network/private-link-service/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/private-link-service/README.md b/modules/network/private-link-service/README.md index 779847dd62..a1182c3ce1 100644 --- a/modules/network/private-link-service/README.md +++ b/modules/network/private-link-service/README.md @@ -4,14 +4,14 @@ This module deploys a Private Link Service. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
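Review bot: removing `- [Deployment examples](#Deployment-examples)` and adding `+- [Usage examples](#Usage-examples)` renames a section fragment, so any existing link that points at the old fragment of this README will no longer resolve. Since the same rename is applied by the generator to every module README, it is worth stating the renamed section in the change description so consumers of the old links can update them. The section also moves from the end of the list to second place while `[Notes](#Notes)` stays last, which is fine, but please confirm the generator writes the sections in the same order as this list.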
@@ -19,60 +19,28 @@ This module deploys a Private Link Service. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/privateLinkServices` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-11-01/privateLinkServices) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the private link service to create. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `autoApproval` | object | `{object}` | | The auto-approval list of the private link service. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableProxyProtocol` | bool | `False` | | Lets the service provider use tcp proxy v2 to retrieve connection information about the service consumer. Service Provider is responsible for setting up receiver configs to be able to parse the proxy protocol v2 header. | -| `extendedLocation` | object | `{object}` | | The extended location of the load balancer. | -| `fqdns` | array | `[]` | | The list of Fqdn. | -| `ipConfigurations` | array | `[]` | | An array of private link service IP configurations. | -| `loadBalancerFrontendIpConfigurations` | array | `[]` | | An array of references to the load balancer IP configurations. The Private Link service is tied to the frontend IP address of a Standard Load Balancer. All traffic destined for the service will reach the frontend of the SLB. You can configure SLB rules to direct this traffic to appropriate backend pools where your applications are running. Load balancer frontend IP configurations are different than NAT IP configurations. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. 
| -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags to be applied on all resources/resource groups in this deployment. | -| `visibility` | object | `{object}` | | Controls the exposure settings for your Private Link service. Service providers can choose to limit the exposure to their service to subscriptions with Azure role-based access control (Azure RBAC) permissions, a restricted set of subscriptions, or all Azure subscriptions. | - +## Usage examples -## Outputs +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the private link service. | -| `resourceGroupName` | string | The resource group the private link service was deployed into. | -| `resourceId` | string | The resource ID of the private link service. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.private-link-service:1.0.0`. 
-## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module privateLinkService './network/private-link-service/main.bicep' = { +module privateLinkService 'br:bicep/modules/network.private-link-service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nplscom' params: { // Required parameters @@ -220,14 +188,17 @@ module privateLinkService './network/private-link-service/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module privateLinkService './network/private-link-service/main.bicep' = { +module privateLinkService 'br:bicep/modules/network.private-link-service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nplsmin' params: { // Required parameters @@ -300,6 +271,136 @@ module privateLinkService './network/private-link-service/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the private link service to create. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoApproval`](#parameter-autoapproval) | object | The auto-approval list of the private link service. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableProxyProtocol`](#parameter-enableproxyprotocol) | bool | Lets the service provider use tcp proxy v2 to retrieve connection information about the service consumer. Service Provider is responsible for setting up receiver configs to be able to parse the proxy protocol v2 header. | +| [`extendedLocation`](#parameter-extendedlocation) | object | The extended location of the load balancer. | +| [`fqdns`](#parameter-fqdns) | array | The list of Fqdn. | +| [`ipConfigurations`](#parameter-ipconfigurations) | array | An array of private link service IP configurations. | +| [`loadBalancerFrontendIpConfigurations`](#parameter-loadbalancerfrontendipconfigurations) | array | An array of references to the load balancer IP configurations. The Private Link service is tied to the frontend IP address of a Standard Load Balancer. All traffic destined for the service will reach the frontend of the SLB. You can configure SLB rules to direct this traffic to appropriate backend pools where your applications are running. Load balancer frontend IP configurations are different than NAT IP configurations. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags to be applied on all resources/resource groups in this deployment. | +| [`visibility`](#parameter-visibility) | object | Controls the exposure settings for your Private Link service. Service providers can choose to limit the exposure to their service to subscriptions with Azure role-based access control (Azure RBAC) permissions, a restricted set of subscriptions, or all Azure subscriptions. | + +### Parameter: `autoApproval` + +The auto-approval list of the private link service. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableProxyProtocol` + +Lets the service provider use tcp proxy v2 to retrieve connection information about the service consumer. Service Provider is responsible for setting up receiver configs to be able to parse the proxy protocol v2 header. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `extendedLocation` + +The extended location of the load balancer. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `fqdns` + +The list of Fqdn. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ipConfigurations` + +An array of private link service IP configurations. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `loadBalancerFrontendIpConfigurations` + +An array of references to the load balancer IP configurations. The Private Link service is tied to the frontend IP address of a Standard Load Balancer. All traffic destined for the service will reach the frontend of the SLB. 
You can configure SLB rules to direct this traffic to appropriate backend pools where your applications are running. Load balancer frontend IP configurations are different than NAT IP configurations. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the private link service to create. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags to be applied on all resources/resource groups in this deployment. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `visibility` + +Controls the exposure settings for your Private Link service. Service providers can choose to limit the exposure to their service to subscriptions with Azure role-based access control (Azure RBAC) permissions, a restricted set of subscriptions, or all Azure subscriptions. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the private link service. | +| `resourceGroupName` | string | The resource group the private link service was deployed into. 
| +| `resourceId` | string | The resource ID of the private link service. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `ipConfigurations` diff --git a/modules/network/public-ip-address/.test/common/main.test.bicep b/modules/network/public-ip-address/.test/common/main.test.bicep index abe179fbf3..73fe5bb4a5 100644 --- a/modules/network/public-ip-address/.test/common/main.test.bicep +++ b/modules/network/public-ip-address/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/public-ip-address/.test/min/main.test.bicep b/modules/network/public-ip-address/.test/min/main.test.bicep index dbcf0b97fc..e0f4f0d87d 100644 --- a/modules/network/public-ip-address/.test/min/main.test.bicep +++ b/modules/network/public-ip-address/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/public-ip-address/README.md b/modules/network/public-ip-address/README.md index f9fbb64201..d66c035af4 100644 --- a/modules/network/public-ip-address/README.md +++ b/modules/network/public-ip-address/README.md @@ -4,13 +4,13 @@ This module deploys a Public IP Address. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
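Review bot: In the Navigation list of `modules/network/public-ip-address/README.md`, the links `[Resource Types](#Resource-Types)` and `[Usage examples](#Usage-examples)` use capitalised fragments, while the links this patch adds elsewhere in the same README are lowercase (`#example-1-using-large-parameter-set`, `#parameter-name`). GitHub generates lowercase heading ids, so any renderer that matches fragments case-sensitively leaves these two navigation links dead; emit `#resource-types` and `#usage-examples` from the generator instead. The heading rename to `## Resource Types` is also title case next to the sentence-case `## Usage examples`, so pick one convention.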
@@ -19,71 +19,28 @@ This module deploys a Public IP Address. | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/publicIPAddresses` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/publicIPAddresses) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Public IP Address. | +## Usage examples -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `domainNameLabel` | string | `''` | | The domain name label. 
The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | -| `domainNameLabelScope` | string | `''` | `['', NoReuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse]` | The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `fqdn` | string | `''` | | The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicIPAddressVersion` | string | `'IPv4'` | `[IPv4, IPv6]` | IP address version. | -| `publicIPAllocationMethod` | string | `'Static'` | `[Dynamic, Static]` | The public IP address allocation method. | -| `publicIPPrefixResourceId` | string | `''` | | Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. | -| `reverseFqdn` | string | `''` | | The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuName` | string | `'Standard'` | `[Basic, Standard]` | Name of a public IP address SKU. | -| `skuTier` | string | `'Regional'` | `[Global, Regional]` | Tier of a public IP address SKU. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `zones` | array | `[]` | | A list of availability zones denoting the IP allocated for the resource needs to come from. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `ipAddress` | string | The public IP address of the public IP address resource. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the public IP address. | -| `resourceGroupName` | string | The resource group the public IP address was deployed into. | -| `resourceId` | string | The resource ID of the public IP address. | - -## Cross-referenced modules - -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.public-ip-address:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module publicIpAddress './network/public-ip-address/main.bicep' = { +module publicIpAddress 'br:bicep/modules/network.public-ip-address:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-npiacom' params: { // Required parameters @@ -193,14 +150,17 @@ module publicIpAddress './network/public-ip-address/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module publicIpAddress './network/public-ip-address/main.bicep' = { +module publicIpAddress 'br:bicep/modules/network.public-ip-address:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-npiamin' params: { // Required parameters @@ -237,3 +197,222 @@ module publicIpAddress './network/public-ip-address/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Public IP Address. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`domainNameLabel`](#parameter-domainnamelabel) | string | The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | +| [`domainNameLabelScope`](#parameter-domainnamelabelscope) | string | The domain name label scope. 
If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`fqdn`](#parameter-fqdn) | string | The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`publicIPAddressVersion`](#parameter-publicipaddressversion) | string | IP address version. | +| [`publicIPAllocationMethod`](#parameter-publicipallocationmethod) | string | The public IP address allocation method. | +| [`publicIPPrefixResourceId`](#parameter-publicipprefixresourceid) | string | Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. | +| [`reverseFqdn`](#parameter-reversefqdn) | string | The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | Name of a public IP address SKU. 
| +| [`skuTier`](#parameter-skutier) | string | Tier of a public IP address SKU. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`zones`](#parameter-zones) | array | A list of availability zones denoting the IP allocated for the resource needs to come from. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `domainNameLabel` + +The domain name label. 
The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `domainNameLabelScope` + +The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', NoReuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `fqdn` + +The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Public IP Address. +- Required: Yes +- Type: string + +### Parameter: `publicIPAddressVersion` + +IP address version. +- Required: No +- Type: string +- Default: `'IPv4'` +- Allowed: `[IPv4, IPv6]` + +### Parameter: `publicIPAllocationMethod` + +The public IP address allocation method. +- Required: No +- Type: string +- Default: `'Static'` +- Allowed: `[Dynamic, Static]` + +### Parameter: `publicIPPrefixResourceId` + +Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `reverseFqdn` + +The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +Name of a public IP address SKU. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Basic, Standard]` + +### Parameter: `skuTier` + +Tier of a public IP address SKU. +- Required: No +- Type: string +- Default: `'Regional'` +- Allowed: `[Global, Regional]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zones` + +A list of availability zones denoting the IP allocated for the resource needs to come from. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `ipAddress` | string | The public IP address of the public IP address resource. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the public IP address. | +| `resourceGroupName` | string | The resource group the public IP address was deployed into. | +| `resourceId` | string | The resource ID of the public IP address. | + +## Cross-referenced modules + +_None_ 
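Review bot: In the Usage examples part of this README (the hunks from `@@ -19,71 +19,28 @@` onward), the added note tells readers to reference the module as `br:bicep/modules/network.public-ip-address:1.0.0`, and both examples switch from the relative path `./network/public-ip-address/main.bicep` to that string. After `br:` Bicep expects a registry host, so `bicep` here is a placeholder, and nothing in the README says so or says where `1.0.0` comes from. Add a sentence stating that the registry name and tag must be replaced with the consumer's own registry and a published version (or show the alias form `br/<alias>:`), so the examples are not copied with a reference that resolves to nothing or to a registry the reader does not control.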
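Review bot: In the added `## Parameters` section (`@@ -237,3 +197,222 @@`), two descriptions carried over from the old table are ungrammatical and now appear twice each, once in the overview table and once in the per-parameter section: `domainNameLabelScope` reads "with a hashed value includes in FQDN" and `zones` reads "denoting the IP allocated for the resource needs to come from". Because the README is generated, fix the wording in the template's parameter descriptions (for example "with a hashed value included in the FQDN") and regenerate rather than editing the README. The overview table also drops the Default Value and Allowed Values columns, so a value such as `lock` defaulting to `''` is only visible after following the per-parameter link; consider keeping a default column in the table.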
diff --git a/modules/network/public-ip-address/main.json b/modules/network/public-ip-address/main.json index 8bdcd4365b..583eea8a97 100644 --- a/modules/network/public-ip-address/main.json +++ b/modules/network/public-ip-address/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1887898957722092173" + "version": "0.22.6.54827", + "templateHash": "4317747709004918530" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -338,8 +338,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7328126239184883887" + "version": "0.22.6.54827", + "templateHash": "9976109177347918049" } }, "parameters": { diff --git a/modules/network/public-ip-prefix/.test/common/main.test.bicep b/modules/network/public-ip-prefix/.test/common/main.test.bicep index edaa6063a0..4c96332650 100644 --- a/modules/network/public-ip-prefix/.test/common/main.test.bicep +++ b/modules/network/public-ip-prefix/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/public-ip-prefix/.test/min/main.test.bicep b/modules/network/public-ip-prefix/.test/min/main.test.bicep index 4c9350f358..8115e852ed 100644 --- a/modules/network/public-ip-prefix/.test/min/main.test.bicep +++ b/modules/network/public-ip-prefix/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/public-ip-prefix/README.md b/modules/network/public-ip-prefix/README.md index 4c46286757..b10bc8730b 100644 
--- a/modules/network/public-ip-prefix/README.md +++ b/modules/network/public-ip-prefix/README.md @@ -4,13 +4,13 @@ This module deploys a Public IP Prefix. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -18,55 +18,28 @@ This module deploys a Public IP Prefix. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/publicIPPrefixes` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/publicIPPrefixes) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Public IP Prefix. | -| `prefixLength` | int | Length of the Public IP Prefix. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `customIPPrefix` | object | `{object}` | | The customIpPrefix that this prefix is associated with. A custom IP address prefix is a contiguous range of IP addresses owned by an external customer and provisioned into a subscription. When a custom IP prefix is in Provisioned, Commissioning, or Commissioned state, a linked public IP prefix can be created. Either as a subset of the custom IP prefix range or the entire range. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. 
| +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the public IP prefix. | -| `resourceGroupName` | string | The resource group the public IP prefix was deployed into. | -| `resourceId` | string | The resource ID of the public IP prefix. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.public-ip-prefix:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module publicIpPrefix './network/public-ip-prefix/main.bicep' = { +module publicIpPrefix 'br:bicep/modules/network.public-ip-prefix:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-npipcom' params: { // Required parameters @@ -144,14 +117,17 @@ module publicIpPrefix './network/public-ip-prefix/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module publicIpPrefix './network/public-ip-prefix/main.bicep' = { +module publicIpPrefix 'br:bicep/modules/network.public-ip-prefix:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-npipmin' params: { // Required parameters @@ -192,3 +168,93 @@ module publicIpPrefix './network/public-ip-prefix/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Public IP Prefix. | +| [`prefixLength`](#parameter-prefixlength) | int | Length of the Public IP Prefix. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`customIPPrefix`](#parameter-customipprefix) | object | The customIpPrefix that this prefix is associated with. A custom IP address prefix is a contiguous range of IP addresses owned by an external customer and provisioned into a subscription. When a custom IP prefix is in Provisioned, Commissioning, or Commissioned state, a linked public IP prefix can be created. Either as a subset of the custom IP prefix range or the entire range. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `customIPPrefix` + +The customIpPrefix that this prefix is associated with. A custom IP address prefix is a contiguous range of IP addresses owned by an external customer and provisioned into a subscription. When a custom IP prefix is in Provisioned, Commissioning, or Commissioned state, a linked public IP prefix can be created. 
Either as a subset of the custom IP prefix range or the entire range. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Public IP Prefix. +- Required: Yes +- Type: string + +### Parameter: `prefixLength` + +Length of the Public IP Prefix. +- Required: Yes +- Type: int + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the public IP prefix. | +| `resourceGroupName` | string | The resource group the public IP prefix was deployed into. | +| `resourceId` | string | The resource ID of the public IP prefix. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/public-ip-prefix/main.json b/modules/network/public-ip-prefix/main.json index 6c4991917a..be4b9e2e6f 100644 --- a/modules/network/public-ip-prefix/main.json +++ b/modules/network/public-ip-prefix/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8483631788691370434" + "version": "0.22.6.54827", + "templateHash": "823818284337127737" }, "name": "Public IP Prefixes", "description": "This module deploys a Public IP Prefix.", @@ -153,8 +153,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12600348536826609497" + "version": "0.22.6.54827", + "templateHash": "11602921617847310411" } }, "parameters": { diff --git a/modules/network/route-table/.test/common/main.test.bicep b/modules/network/route-table/.test/common/main.test.bicep index 4fafb95fe9..760b5c2741 100644 --- a/modules/network/route-table/.test/common/main.test.bicep +++ b/modules/network/route-table/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/route-table/.test/min/main.test.bicep b/modules/network/route-table/.test/min/main.test.bicep index 1171694e3e..1515b9a8fb 100644 --- a/modules/network/route-table/.test/min/main.test.bicep +++ b/modules/network/route-table/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/route-table/README.md b/modules/network/route-table/README.md index cc9d1fc7b2..ce2ec44629 100644 --- a/modules/network/route-table/README.md +++ b/modules/network/route-table/README.md 
@@ -4,13 +4,13 @@ This module deploys a User Defined Route Table (UDR). ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
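Review bot: The rename to `## Resource Types` in this hunk leaves the README with mixed heading case, since the entry added directly below it (`Usage examples`) and the unchanged `Cross-referenced modules` stay in sentence case. The navigation anchors have the same problem: `#Resource-Types` and `#Usage-examples` carry capitals, while the example index generated further down in this same file links to lowercase anchors such as `#example-1-using-large-parameter-set`. Suggest settling on one heading case and one anchor case in the generator so every regenerated README comes out uniform.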
@@ -18,55 +18,28 @@ This module deploys a User Defined Route Table (UDR). | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/routeTables` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/routeTables) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name given for the hub route table. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `disableBgpRoutePropagation` | bool | `False` | | Switch to disable BGP route propagation. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `routes` | array | `[]` | | An Array of Routes to be established within the hub route table. | -| `tags` | object | `{object}` | | Tags of the resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. 
-## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the route table. | -| `resourceGroupName` | string | The resource group the route table was deployed into. | -| `resourceId` | string | The resource ID of the route table. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.route-table:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module routeTable './network/route-table/main.bicep' = { +module routeTable 'br:bicep/modules/network.route-table:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nrtcom' params: { // Required parameters @@ -162,14 +135,17 @@ module routeTable './network/route-table/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module routeTable './network/route-table/main.bicep' = { +module routeTable 'br:bicep/modules/network.route-table:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nrtmin' params: { // Required parameters @@ -206,3 +182,94 @@ module routeTable './network/route-table/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name given for the hub route table. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`disableBgpRoutePropagation`](#parameter-disablebgproutepropagation) | bool | Switch to disable BGP route propagation. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`routes`](#parameter-routes) | array | An Array of Routes to be established within the hub route table. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `disableBgpRoutePropagation` + +Switch to disable BGP route propagation. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name given for the hub route table. 
+- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `routes` + +An Array of Routes to be established within the hub route table. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the route table. | +| `resourceGroupName` | string | The resource group the route table was deployed into. | +| `resourceId` | string | The resource ID of the route table. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/route-table/main.json b/modules/network/route-table/main.json index 88ee39b935..af2f4acac1 100644 --- a/modules/network/route-table/main.json +++ b/modules/network/route-table/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16901020059432572250" + "version": "0.22.6.54827", + "templateHash": "14175124869769293837" }, "name": "Route Tables", "description": "This module deploys a User Defined Route Table (UDR).", @@ -147,8 +147,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15918129007023123856" + "version": "0.22.6.54827", + "templateHash": "5854028200493831551" } }, "parameters": { 
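Review bot: In both `_generator` blocks of `main.json` the visible changes are the `version` (0.21.1.54444 to 0.22.6.54827) and the `templateHash`, so the committed file is a build artifact whose content depends on the Bicep CLI the contributor happened to have installed. Nothing in the diff lets a reviewer confirm that this JSON is what the module's `main.bicep` compiles to. Suggest pinning the Bicep CLI version used by the build step and adding a pipeline check that recompiles each `main.bicep` and fails when the result differs from the committed `main.json`, so a hand-edited or stale template cannot be merged unnoticed.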
diff --git a/modules/network/service-endpoint-policy/.test/common/main.test.bicep b/modules/network/service-endpoint-policy/.test/common/main.test.bicep index a558092313..ef6675cda3 100644 --- a/modules/network/service-endpoint-policy/.test/common/main.test.bicep +++ b/modules/network/service-endpoint-policy/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/service-endpoint-policy/.test/min/main.test.bicep b/modules/network/service-endpoint-policy/.test/min/main.test.bicep index 24e0f500a5..7ac8d7747a 100644 --- a/modules/network/service-endpoint-policy/.test/min/main.test.bicep +++ b/modules/network/service-endpoint-policy/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/service-endpoint-policy/README.md b/modules/network/service-endpoint-policy/README.md index 38a9157321..f58b19c384 100644 --- a/modules/network/service-endpoint-policy/README.md +++ b/modules/network/service-endpoint-policy/README.md @@ -5,10 +5,10 @@ This module deploys a Service Endpoint Policy. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,56 +18,28 @@ This module deploys a Service Endpoint Policy. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/serviceEndpointPolicies` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/serviceEndpointPolicies) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The Service Endpoint Policy name. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `contextualServiceEndpointPolicies` | array | `[]` | | An Array of contextual service endpoint policy. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serviceAlias` | string | `''` | | The alias indicating if the policy belongs to a service. | -| `serviceEndpointPolicyDefinitions` | array | `[]` | | An Array of service endpoint policy definitions. | -| `tags` | object | `{object}` | | Tags of the resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. 
For a full reference, please review the module's test folder in its repository. -## Outputs +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Service Endpoint Policy. | -| `resourceGroupName` | string | The resource group the Service Endpoint Policy was deployed into. | -| `resourceId` | string | The resource ID of the Service Endpoint Policy. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.service-endpoint-policy:1.0.0`. -## Cross-referenced modules +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -_None_ +### Example 1: _Using large parameter set_ -## Deployment examples +This instance deploys the module with most of its features enabled. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module serviceEndpointPolicy './network/service-endpoint-policy/main.bicep' = { +module serviceEndpointPolicy 'br:bicep/modules/network.service-endpoint-policy:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nsnpcom' params: { // Required parameters @@ -169,14 +141,17 @@ module serviceEndpointPolicy './network/service-endpoint-policy/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module serviceEndpointPolicy './network/service-endpoint-policy/main.bicep' = { +module serviceEndpointPolicy 'br:bicep/modules/network.service-endpoint-policy:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nsnpmin' params: { // Required parameters @@ -213,3 +188,102 @@ module serviceEndpointPolicy './network/service-endpoint-policy/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The Service Endpoint Policy name. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`contextualServiceEndpointPolicies`](#parameter-contextualserviceendpointpolicies) | array | An Array of contextual service endpoint policy. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`serviceAlias`](#parameter-servicealias) | string | The alias indicating if the policy belongs to a service. | +| [`serviceEndpointPolicyDefinitions`](#parameter-serviceendpointpolicydefinitions) | array | An Array of service endpoint policy definitions. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `contextualServiceEndpointPolicies` + +An Array of contextual service endpoint policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The Service Endpoint Policy name. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceAlias` + +The alias indicating if the policy belongs to a service. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serviceEndpointPolicyDefinitions` + +An Array of service endpoint policy definitions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Service Endpoint Policy. | +| `resourceGroupName` | string | The resource group the Service Endpoint Policy was deployed into. | +| `resourceId` | string | The resource ID of the Service Endpoint Policy. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/service-endpoint-policy/main.json b/modules/network/service-endpoint-policy/main.json index 46c01805d0..da6271e05c 100644 --- a/modules/network/service-endpoint-policy/main.json +++ b/modules/network/service-endpoint-policy/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7581628455026938381" + "version": "0.22.6.54827", + "templateHash": "702238259297546605" }, "name": "Service Endpoint Policies", "description": "This module deploys a Service Endpoint Policy.", @@ -155,8 +155,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15055971962075100955" + "version": "0.22.6.54827", + "templateHash": "1377119003389114371" } }, "parameters": { diff --git a/modules/network/trafficmanagerprofile/.test/common/main.test.bicep b/modules/network/trafficmanagerprofile/.test/common/main.test.bicep index 7111fdb6dd..14ba90e0c3 100644 --- a/modules/network/trafficmanagerprofile/.test/common/main.test.bicep +++ b/modules/network/trafficmanagerprofile/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/trafficmanagerprofile/.test/min/main.test.bicep b/modules/network/trafficmanagerprofile/.test/min/main.test.bicep index d34573ba6c..b0100513d4 100644 --- a/modules/network/trafficmanagerprofile/.test/min/main.test.bicep +++ b/modules/network/trafficmanagerprofile/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/trafficmanagerprofile/README.md b/modules/network/trafficmanagerprofile/README.md index d9db9a5dbe..614ac693bf 100644 --- a/modules/network/trafficmanagerprofile/README.md +++ b/modules/network/trafficmanagerprofile/README.md 
@@ -4,14 +4,14 @@ This module deploys a Traffic Manager Profile. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
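Review bot: The navigation entry `[Deployment examples](#Deployment-examples)` is removed here and replaced by `[Usage examples](#Usage-examples)`, which renames the section anchor. Links elsewhere in the repository or wiki that point at the deployment-examples anchor of this README will stop resolving. Suggest searching the docs for that anchor and updating the references in the same change, or calling out the rename in the release notes.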
@@ -20,66 +20,28 @@ This module deploys a Traffic Manager Profile. | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/trafficmanagerprofiles` | [2018-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2018-08-01/trafficmanagerprofiles) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Traffic Manager. | -| `relativeName` | string | The relative DNS name provided by this Traffic Manager profile. This value is combined with the DNS domain name used by Azure Traffic Manager to form the fully-qualified domain name (FQDN) of the profile. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ProbeHealthStatusEvents]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. 
| -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `endpoints` | array | `[]` | | The list of endpoints in the Traffic Manager profile. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxReturn` | int | `1` | | Maximum number of endpoints to be returned for MultiValue routing type. | -| `monitorConfig` | object | `{object}` | | The endpoint monitoring settings of the Traffic Manager profile. | -| `profileStatus` | string | `'Enabled'` | `[Disabled, Enabled]` | The status of the Traffic Manager profile. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Resource tags. | -| `trafficRoutingMethod` | string | `'Performance'` | `[Geographic, MultiValue, Performance, Priority, Subnet, Weighted]` | The traffic routing method of the Traffic Manager profile. | -| `trafficViewEnrollmentStatus` | string | `'Disabled'` | `[Disabled, Enabled]` | Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile. | -| `ttl` | int | `60` | | The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile. 
| - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the traffic manager was deployed into. | -| `resourceGroupName` | string | The resource group the traffic manager was deployed into. | -| `resourceId` | string | The resource ID of the traffic manager. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.trafficmanagerprofile:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module trafficmanagerprofile './network/trafficmanagerprofile/main.bicep' = { +module trafficmanagerprofile 'br:bicep/modules/network.trafficmanagerprofile:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ntmpcom' params: { // Required parameters @@ -173,14 +135,17 @@ module trafficmanagerprofile './network/trafficmanagerprofile/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module trafficmanagerprofile './network/trafficmanagerprofile/main.bicep' = { +module trafficmanagerprofile 'br:bicep/modules/network.trafficmanagerprofile:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ntmpmin' params: { // Required parameters @@ -223,6 +188,195 @@ module trafficmanagerprofile './network/trafficmanagerprofile/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Traffic Manager. | +| [`relativeName`](#parameter-relativename) | string | The relative DNS name provided by this Traffic Manager profile. This value is combined with the DNS domain name used by Azure Traffic Manager to form the fully-qualified domain name (FQDN) of the profile. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`endpoints`](#parameter-endpoints) | array | The list of endpoints in the Traffic Manager profile. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maxReturn`](#parameter-maxreturn) | int | Maximum number of endpoints to be returned for MultiValue routing type. | +| [`monitorConfig`](#parameter-monitorconfig) | object | The endpoint monitoring settings of the Traffic Manager profile. | +| [`profileStatus`](#parameter-profilestatus) | string | The status of the Traffic Manager profile. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Resource tags. | +| [`trafficRoutingMethod`](#parameter-trafficroutingmethod) | string | The traffic routing method of the Traffic Manager profile. | +| [`trafficViewEnrollmentStatus`](#parameter-trafficviewenrollmentstatus) | string | Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile. | +| [`ttl`](#parameter-ttl) | int | The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ProbeHealthStatusEvents]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endpoints` + +The list of endpoints in the Traffic Manager profile. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maxReturn` + +Maximum number of endpoints to be returned for MultiValue routing type. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `monitorConfig` + +The endpoint monitoring settings of the Traffic Manager profile. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Name of the Traffic Manager. +- Required: Yes +- Type: string + +### Parameter: `profileStatus` + +The status of the Traffic Manager profile. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `relativeName` + +The relative DNS name provided by this Traffic Manager profile. This value is combined with the DNS domain name used by Azure Traffic Manager to form the fully-qualified domain name (FQDN) of the profile. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `trafficRoutingMethod` + +The traffic routing method of the Traffic Manager profile. +- Required: No +- Type: string +- Default: `'Performance'` +- Allowed: `[Geographic, MultiValue, Performance, Priority, Subnet, Weighted]` + +### Parameter: `trafficViewEnrollmentStatus` + +Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `ttl` + +The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile. 
+- Required: No +- Type: int +- Default: `60` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the traffic manager was deployed into. | +| `resourceGroupName` | string | The resource group the traffic manager was deployed into. | +| `resourceId` | string | The resource ID of the traffic manager. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `monitorConfig` diff --git a/modules/network/trafficmanagerprofile/main.json b/modules/network/trafficmanagerprofile/main.json index 742c68c8e9..2d333fa853 100644 --- a/modules/network/trafficmanagerprofile/main.json +++ b/modules/network/trafficmanagerprofile/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10487954711345174328" + "version": "0.22.6.54827", + "templateHash": "10820097547945525322" }, "name": "Traffic Manager Profiles", "description": "This module deploys a Traffic Manager Profile.", @@ -311,8 +311,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8641211741680217957" + "version": "0.22.6.54827", + "templateHash": "5157762725404408248" } }, "parameters": { diff --git a/modules/network/virtual-hub/.test/common/main.test.bicep b/modules/network/virtual-hub/.test/common/main.test.bicep index b4901c097a..f6186c40cf 100644 --- a/modules/network/virtual-hub/.test/common/main.test.bicep +++ b/modules/network/virtual-hub/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/virtual-hub/.test/min/main.test.bicep b/modules/network/virtual-hub/.test/min/main.test.bicep index b198a5b312..56a53cb235 100644 --- a/modules/network/virtual-hub/.test/min/main.test.bicep 
+++ b/modules/network/virtual-hub/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/virtual-hub/README.md b/modules/network/virtual-hub/README.md index d40c79d5e8..be143b75c0 100644 --- a/modules/network/virtual-hub/README.md +++ b/modules/network/virtual-hub/README.md @@ -6,10 +6,10 @@ If you are planning to deploy a Secure Virtual Hub (with an Azure Firewall integ ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
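Review bot: In the Navigation hunk of `modules/network/virtual-hub/README.md`, the added entry `[Usage examples](#Usage-examples)` uses a mixed-case fragment, while the example links this change adds to the READMEs use lowercase slugs (`#example-1-using-large-parameter-set`). GitHub generates heading ids in lowercase, so I would have the generator emit `#usage-examples`, `#resource-types` and so on for the navigation as well, keeping one fragment style per file and not depending on case-insensitive matching in the renderer.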
@@ -20,68 +20,28 @@ If you are planning to deploy a Secure Virtual Hub (with an Azure Firewall integ | `Microsoft.Network/virtualHubs/hubRouteTables` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-11-01/virtualHubs/hubRouteTables) | | `Microsoft.Network/virtualHubs/hubVirtualNetworkConnections` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-11-01/virtualHubs/hubVirtualNetworkConnections) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `addressPrefix` | string | Address-prefix for this VirtualHub. | -| `name` | string | The virtual hub name. | -| `virtualWanId` | string | Resource ID of the virtual WAN to link to. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowBranchToBranchTraffic` | bool | `True` | | Flag to control transit for VirtualRouter hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `expressRouteGatewayId` | string | `''` | | Resource ID of the Express Route Gateway to link to. | -| `hubRouteTables` | array | `[]` | | Route tables to create for the virtual hub. | -| `hubVirtualNetworkConnections` | array | `[]` | | Virtual network connections to create for the virtual hub. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `p2SVpnGatewayId` | string | `''` | | Resource ID of the Point-to-Site VPN Gateway to link to. | -| `preferredRoutingGateway` | string | `''` | `['', ExpressRoute, None, VpnGateway]` | The preferred routing gateway types. | -| `routeTableRoutes` | array | `[]` | | VirtualHub route tables. | -| `securityPartnerProviderId` | string | `''` | | ID of the Security Partner Provider to link to. 
| -| `securityProviderName` | string | `''` | | The Security Provider name. | -| `sku` | string | `'Standard'` | `[Basic, Standard]` | The sku of this VirtualHub. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `virtualHubRouteTableV2s` | array | `[]` | | List of all virtual hub route table v2s associated with this VirtualHub. | -| `virtualRouterAsn` | int | `-1` | | VirtualRouter ASN. | -| `virtualRouterIps` | array | `[]` | | VirtualRouter IPs. | -| `vpnGatewayId` | string | `''` | | Resource ID of the VPN Gateway to link to. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the virtual hub. | -| `resourceGroupName` | string | The resource group the virtual hub was deployed into. | -| `resourceId` | string | The resource ID of the virtual hub. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.virtual-hub:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module virtualHub './network/virtual-hub/main.bicep' = { +module virtualHub 'br:bicep/modules/network.virtual-hub:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvhcom' params: { // Required parameters @@ -199,14 +159,17 @@ module virtualHub './network/virtual-hub/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module virtualHub './network/virtual-hub/main.bicep' = { +module virtualHub 'br:bicep/modules/network.virtual-hub:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvhmin' params: { // Required parameters @@ -251,3 +214,198 @@ module virtualHub './network/virtual-hub/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`addressPrefix`](#parameter-addressprefix) | string | Address-prefix for this VirtualHub. | +| [`name`](#parameter-name) | string | The virtual hub name. | +| [`virtualWanId`](#parameter-virtualwanid) | string | Resource ID of the virtual WAN to link to. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowBranchToBranchTraffic`](#parameter-allowbranchtobranchtraffic) | bool | Flag to control transit for VirtualRouter hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`expressRouteGatewayId`](#parameter-expressroutegatewayid) | string | Resource ID of the Express Route Gateway to link to. | +| [`hubRouteTables`](#parameter-hubroutetables) | array | Route tables to create for the virtual hub. | +| [`hubVirtualNetworkConnections`](#parameter-hubvirtualnetworkconnections) | array | Virtual network connections to create for the virtual hub. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`p2SVpnGatewayId`](#parameter-p2svpngatewayid) | string | Resource ID of the Point-to-Site VPN Gateway to link to. | +| [`preferredRoutingGateway`](#parameter-preferredroutinggateway) | string | The preferred routing gateway types. | +| [`routeTableRoutes`](#parameter-routetableroutes) | array | VirtualHub route tables. | +| [`securityPartnerProviderId`](#parameter-securitypartnerproviderid) | string | ID of the Security Partner Provider to link to. | +| [`securityProviderName`](#parameter-securityprovidername) | string | The Security Provider name. | +| [`sku`](#parameter-sku) | string | The sku of this VirtualHub. | +| [`tags`](#parameter-tags) | object | Tags of the resource. 
| +| [`virtualHubRouteTableV2s`](#parameter-virtualhubroutetablev2s) | array | List of all virtual hub route table v2s associated with this VirtualHub. | +| [`virtualRouterAsn`](#parameter-virtualrouterasn) | int | VirtualRouter ASN. | +| [`virtualRouterIps`](#parameter-virtualrouterips) | array | VirtualRouter IPs. | +| [`vpnGatewayId`](#parameter-vpngatewayid) | string | Resource ID of the VPN Gateway to link to. | + +### Parameter: `addressPrefix` + +Address-prefix for this VirtualHub. +- Required: Yes +- Type: string + +### Parameter: `allowBranchToBranchTraffic` + +Flag to control transit for VirtualRouter hub. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `expressRouteGatewayId` + +Resource ID of the Express Route Gateway to link to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `hubRouteTables` + +Route tables to create for the virtual hub. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `hubVirtualNetworkConnections` + +Virtual network connections to create for the virtual hub. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The virtual hub name. +- Required: Yes +- Type: string + +### Parameter: `p2SVpnGatewayId` + +Resource ID of the Point-to-Site VPN Gateway to link to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `preferredRoutingGateway` + +The preferred routing gateway types. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', ExpressRoute, None, VpnGateway]` + +### Parameter: `routeTableRoutes` + +VirtualHub route tables. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `securityPartnerProviderId` + +ID of the Security Partner Provider to link to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `securityProviderName` + +The Security Provider name. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sku` + +The sku of this VirtualHub. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Basic, Standard]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualHubRouteTableV2s` + +List of all virtual hub route table v2s associated with this VirtualHub. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `virtualRouterAsn` + +VirtualRouter ASN. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `virtualRouterIps` + +VirtualRouter IPs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `virtualWanId` + +Resource ID of the virtual WAN to link to. +- Required: Yes +- Type: string + +### Parameter: `vpnGatewayId` + +Resource ID of the VPN Gateway to link to. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the virtual hub. | +| `resourceGroupName` | string | The resource group the virtual hub was deployed into. | +| `resourceId` | string | The resource ID of the virtual hub. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/virtual-hub/hub-route-table/README.md b/modules/network/virtual-hub/hub-route-table/README.md index dd27e32016..37e065b3e2 100644 --- a/modules/network/virtual-hub/hub-route-table/README.md 
+++ b/modules/network/virtual-hub/hub-route-table/README.md 
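Review bot: In the usage-example hunks of `modules/network/virtual-hub/README.md`, the module path changes from the relative `./network/virtual-hub/main.bicep` to `br:bicep/modules/network.virtual-hub:1.0.0`, and the new note presents that string as the syntax to use. In a `br:` reference the segment before the first `/` is the registry, so `bicep` reads as a registry name, and `1.0.0` is the same tag the trafficmanagerprofile README uses. Please state in the note that registry and tag are placeholders to be replaced with the consumer's own registry and the published module version (or have the generator take them as inputs), so nobody copies a reference that points at a registry they do not control.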
@@ -19,28 +19,61 @@ This module deploys a Virtual Hub Route Table. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The route table name. | +| [`name`](#parameter-name) | string | The route table name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `virtualHubName` | string | The name of the parent virtual hub. Required if the template is used in a standalone deployment. | +| [`virtualHubName`](#parameter-virtualhubname) | string | The name of the parent virtual hub. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `labels` | array | `[]` | List of labels associated with this route table. | -| `routes` | array | `[]` | List of all routes. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`labels`](#parameter-labels) | array | List of labels associated with this route table. | +| [`routes`](#parameter-routes) | array | List of all routes. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `labels` + +List of labels associated with this route table. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The route table name. +- Required: Yes +- Type: string + +### Parameter: `routes` + +List of all routes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `virtualHubName` + +The name of the parent virtual hub. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed virtual hub route table. | | `resourceGroupName` | string | The resource group the virtual hub route table was deployed into. | diff --git a/modules/network/virtual-hub/hub-route-table/main.json b/modules/network/virtual-hub/hub-route-table/main.json index 895c3a3a4f..801ad71e30 100644 --- a/modules/network/virtual-hub/hub-route-table/main.json +++ b/modules/network/virtual-hub/hub-route-table/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14518513912380539716" + "version": "0.22.6.54827", + "templateHash": "16158603795616593379" }, "name": "Virtual Hub Route Tables", "description": "This module deploys a Virtual Hub Route Table.", diff --git a/modules/network/virtual-hub/hub-virtual-network-connection/README.md b/modules/network/virtual-hub/hub-virtual-network-connection/README.md index bd663aeb43..91988c38ee 100644 --- a/modules/network/virtual-hub/hub-virtual-network-connection/README.md +++ b/modules/network/virtual-hub/hub-virtual-network-connection/README.md 
@@ -19,29 +19,68 @@ This module deploys a Virtual Hub Virtual Network Connection. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The connection name. | -| `remoteVirtualNetworkId` | string | Resource ID of the virtual network to link to. | +| [`name`](#parameter-name) | string | The connection name. | +| [`remoteVirtualNetworkId`](#parameter-remotevirtualnetworkid) | string | Resource ID of the virtual network to link to. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `virtualHubName` | string | The name of the parent virtual hub. Required if the template is used in a standalone deployment. | +| [`virtualHubName`](#parameter-virtualhubname) | string | The name of the parent virtual hub. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableInternetSecurity` | bool | `True` | Enable internet security. | -| `routingConfiguration` | object | `{object}` | Routing Configuration indicating the associated and propagated route tables for this connection. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableInternetSecurity`](#parameter-enableinternetsecurity) | bool | Enable internet security. | +| [`routingConfiguration`](#parameter-routingconfiguration) | object | Routing Configuration indicating the associated and propagated route tables for this connection. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableInternetSecurity` + +Enable internet security. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The connection name. +- Required: Yes +- Type: string + +### Parameter: `remoteVirtualNetworkId` + +Resource ID of the virtual network to link to. +- Required: Yes +- Type: string + +### Parameter: `routingConfiguration` + +Routing Configuration indicating the associated and propagated route tables for this connection. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualHubName` + +The name of the parent virtual hub. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the virtual hub connection. | | `resourceGroupName` | string | The resource group the virtual hub connection was deployed into. | diff --git a/modules/network/virtual-hub/hub-virtual-network-connection/main.json b/modules/network/virtual-hub/hub-virtual-network-connection/main.json index 3fe3471be2..c514e9baaa 100644 --- a/modules/network/virtual-hub/hub-virtual-network-connection/main.json +++ b/modules/network/virtual-hub/hub-virtual-network-connection/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5767473063979797254" + "version": "0.22.6.54827", + "templateHash": "16334618854228578572" }, "name": "Virtual Hub Virtual Network Connections", "description": "This module deploys a Virtual Hub Virtual Network Connection.", diff --git a/modules/network/virtual-hub/main.json b/modules/network/virtual-hub/main.json index 2b0279e698..5e0c591d00 100644 --- a/modules/network/virtual-hub/main.json +++ b/modules/network/virtual-hub/main.json 
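Review bot: `virtualHubName` is listed under **Conditional parameters** with "Required if the template is used in a standalone deployment", but its generated detail section says `- Required: Yes`; this happens in both `hub-route-table/README.md` and `hub-virtual-network-connection/README.md`. The table and the detail section now contradict each other for a reader who deploys the child module through its parent. I would have the generator emit the condition (or a `Conditional` value) for parameters in that group instead of `Yes`.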
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4151058169679427361" + "version": "0.22.6.54827", + "templateHash": "6969570927166088400" }, "name": "Virtual Hubs", "description": "This module deploys a Virtual Hub.\r\nIf you are planning to deploy a Secure Virtual Hub (with an Azure Firewall integrated), please refer to the Azure Firewall module.", @@ -261,8 +261,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7824851023582113714" + "version": "0.22.6.54827", + "templateHash": "16158603795616593379" }, "name": "Virtual Hub Route Tables", "description": "This module deploys a Virtual Hub Route Table.", @@ -392,8 +392,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9197169920166780501" + "version": "0.22.6.54827", + "templateHash": "16334618854228578572" }, "name": "Virtual Hub Virtual Network Connections", "description": "This module deploys a Virtual Hub Virtual Network Connection.", diff --git a/modules/network/virtual-network-gateway/README.md b/modules/network/virtual-network-gateway/README.md index 31e33bd461..98a0acccc9 100644 --- a/modules/network/virtual-network-gateway/README.md +++ b/modules/network/virtual-network-gateway/README.md @@ -4,13 +4,13 @@ This module deploys a Virtual Network Gateway. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -21,92 +21,26 @@ This module deploys a Virtual Network Gateway. | `Microsoft.Network/virtualNetworkGateways` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualNetworkGateways) | | `Microsoft.Network/virtualNetworkGateways/natRules` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualNetworkGateways/natRules) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `gatewayType` | string | `[ExpressRoute, Vpn]` | Specifies the gateway type. E.g. VPN, ExpressRoute. | -| `name` | string | | Specifies the Virtual Network Gateway name. | -| `skuName` | string | `[Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ]` | The SKU of the Gateway. | -| `vNetResourceId` | string | | Virtual Network resource ID. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `activeActive` | bool | `True` | | Value to specify if the Gateway should be deployed in active-active or active-passive configuration. | -| `activeGatewayPipName` | string | `[format('{0}-pip2', parameters('name'))]` | | Specifies the name of the Public IP used by the Virtual Network Gateway when active-active configuration is required. If it's not provided, a '-pip' suffix will be appended to the gateway's name. | -| `allowRemoteVnetTraffic` | bool | `False` | | Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN. | -| `allowVirtualWanTraffic` | bool | `False` | | Configures this gateway to accept traffic from remote Virtual WAN networks. | -| `asn` | int | `65815` | | ASN value. 
| -| `clientRevokedCertThumbprint` | string | `''` | | Thumbprint of the revoked certificate. This would revoke VPN client certificates matching this thumbprint from connecting to the VNet. | -| `clientRootCertData` | string | `''` | | Client root certificate data used to authenticate VPN clients. Cannot be configured if vpnClientAadConfiguration is provided. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableIPSecReplayProtection` | bool | `False` | | disableIPSecReplayProtection flag. Used for VPN Gateways. | -| `domainNameLabel` | array | `[]` | | DNS name(s) of the Public IP resource(s). If you enabled active-active configuration, you need to provide 2 DNS names, if you want to use this feature. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com. | -| `enableBgp` | bool | `True` | | Value to specify if BGP is enabled or not. | -| `enableBgpRouteTranslationForNat` | bool | `False` | | EnableBgpRouteTranslationForNat flag. Can only be used when "natRules" are enabled on the Virtual Network Gateway. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableDnsForwarding` | bool | `False` | | Whether DNS forwarding is enabled or not and is only supported for Express Route Gateways. The DNS forwarding feature flag must be enabled on the current subscription. | -| `enablePrivateIpAddress` | bool | `False` | | Whether private IP needs to be enabled on this gateway for connections or not. Used for configuring a Site-to-Site VPN connection over ExpressRoute private peering. | -| `gatewayDefaultSiteLocalNetworkGatewayId` | string | `''` | | The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. | -| `gatewayPipName` | string | `[format('{0}-pip1', parameters('name'))]` | | Specifies the name of the Public IP used by the Virtual Network Gateway. If it's not provided, a '-pip' suffix will be appended to the gateway's name. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `natRules` | array | `[]` | | NatRules for virtual network gateway. NAT is supported on the the following SKUs: VpnGw2~5, VpnGw2AZ~5AZ and is supported for IPsec/IKE cross-premises connections only. | -| `publicIpdiagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `publicIpDiagnosticSettingsName` | string | `''` | | The name of the public IP diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `publicIPPrefixResourceId` | string | `''` | | Resource ID of the Public IP Prefix object. 
This is only needed if you want your Public IPs created in a PIP Prefix. | -| `publicIpZones` | array | `[]` | | Specifies the zones of the Public IP address. Basic IP SKU does not support Availability Zones. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `virtualNetworkGatewaydiagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, GatewayDiagnosticLog, IKEDiagnosticLog, P2SDiagnosticLog, RouteDiagnosticLog, TunnelDiagnosticLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `vpnClientAadConfiguration` | object | `{object}` | | Configuration for AAD Authentication for P2S Tunnel Type, Cannot be configured if clientRootCertData is provided. | -| `vpnClientAddressPoolPrefix` | string | `''` | | The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network. | -| `vpnGatewayGeneration` | string | `'None'` | `[Generation1, Generation2, None]` | The generation for this VirtualNetworkGateway. Must be None if virtualNetworkGatewayType is not VPN. | -| `vpnType` | string | `'RouteBased'` | `[PolicyBased, RouteBased]` | Specifies the VPN type. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `activeActive` | bool | Shows if the virtual network gateway is configured in active-active mode. | -| `location` | string | The location the resource was deployed into. 
| -| `name` | string | The name of the virtual network gateway. | -| `resourceGroupName` | string | The resource group the virtual network gateway was deployed. | -| `resourceId` | string | The resource ID of the virtual network gateway. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +## Usage examples -| Reference | Type | -| :-- | :-- | -| `network/public-ip-address` | Local reference | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Deployment examples +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.virtual-network-gateway:1.0.0`. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +- [Aadvpn](#example-1-aadvpn) +- [Expressroute](#example-2-expressroute) +- [Vpn](#example-3-vpn) -

Example 1: Aadvpn

+### Example 1: _Aadvpn_
via Bicep module ```bicep -module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = { +module virtualNetworkGateway 'br:bicep/modules/network.virtual-network-gateway:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvngavpn' params: { // Required parameters @@ -260,14 +194,14 @@ module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = {

-

Example 2: Expressroute

+### Example 2: _Expressroute_
via Bicep module ```bicep -module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = { +module virtualNetworkGateway 'br:bicep/modules/network.virtual-network-gateway:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvger' params: { // Required parameters @@ -395,14 +329,14 @@ module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = {

-

Example 3: Vpn

+### Example 3: _Vpn_
via Bicep module ```bicep -module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = { +module virtualNetworkGateway 'br:bicep/modules/network.virtual-network-gateway:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvgvpn' params: { // Required parameters @@ -623,3 +557,359 @@ module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`gatewayType`](#parameter-gatewaytype) | string | Specifies the gateway type. E.g. VPN, ExpressRoute. | +| [`name`](#parameter-name) | string | Specifies the Virtual Network Gateway name. | +| [`skuName`](#parameter-skuname) | string | The SKU of the Gateway. | +| [`vNetResourceId`](#parameter-vnetresourceid) | string | Virtual Network resource ID. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`activeActive`](#parameter-activeactive) | bool | Value to specify if the Gateway should be deployed in active-active or active-passive configuration. | +| [`activeGatewayPipName`](#parameter-activegatewaypipname) | string | Specifies the name of the Public IP used by the Virtual Network Gateway when active-active configuration is required. If it's not provided, a '-pip' suffix will be appended to the gateway's name. | +| [`allowRemoteVnetTraffic`](#parameter-allowremotevnettraffic) | bool | Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN. | +| [`allowVirtualWanTraffic`](#parameter-allowvirtualwantraffic) | bool | Configures this gateway to accept traffic from remote Virtual WAN networks. | +| [`asn`](#parameter-asn) | int | ASN value. | +| [`clientRevokedCertThumbprint`](#parameter-clientrevokedcertthumbprint) | string | Thumbprint of the revoked certificate. This would revoke VPN client certificates matching this thumbprint from connecting to the VNet. | +| [`clientRootCertData`](#parameter-clientrootcertdata) | string | Client root certificate data used to authenticate VPN clients. Cannot be configured if vpnClientAadConfiguration is provided. 
| +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableIPSecReplayProtection`](#parameter-disableipsecreplayprotection) | bool | disableIPSecReplayProtection flag. Used for VPN Gateways. | +| [`domainNameLabel`](#parameter-domainnamelabel) | array | DNS name(s) of the Public IP resource(s). If you enabled active-active configuration, you need to provide 2 DNS names, if you want to use this feature. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com. | +| [`enableBgp`](#parameter-enablebgp) | bool | Value to specify if BGP is enabled or not. | +| [`enableBgpRouteTranslationForNat`](#parameter-enablebgproutetranslationfornat) | bool | EnableBgpRouteTranslationForNat flag. Can only be used when "natRules" are enabled on the Virtual Network Gateway. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`enableDnsForwarding`](#parameter-enablednsforwarding) | bool | Whether DNS forwarding is enabled or not and is only supported for Express Route Gateways. The DNS forwarding feature flag must be enabled on the current subscription. | +| [`enablePrivateIpAddress`](#parameter-enableprivateipaddress) | bool | Whether private IP needs to be enabled on this gateway for connections or not. Used for configuring a Site-to-Site VPN connection over ExpressRoute private peering. | +| [`gatewayDefaultSiteLocalNetworkGatewayId`](#parameter-gatewaydefaultsitelocalnetworkgatewayid) | string | The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. | +| [`gatewayPipName`](#parameter-gatewaypipname) | string | Specifies the name of the Public IP used by the Virtual Network Gateway. If it's not provided, a '-pip' suffix will be appended to the gateway's name. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`natRules`](#parameter-natrules) | array | NatRules for virtual network gateway. NAT is supported on the the following SKUs: VpnGw2~5, VpnGw2AZ~5AZ and is supported for IPsec/IKE cross-premises connections only. | +| [`publicIpdiagnosticLogCategoriesToEnable`](#parameter-publicipdiagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`publicIpDiagnosticSettingsName`](#parameter-publicipdiagnosticsettingsname) | string | The name of the public IP diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`publicIPPrefixResourceId`](#parameter-publicipprefixresourceid) | string | Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. 
| +| [`publicIpZones`](#parameter-publicipzones) | array | Specifies the zones of the Public IP address. Basic IP SKU does not support Availability Zones. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`virtualNetworkGatewaydiagnosticLogCategoriesToEnable`](#parameter-virtualnetworkgatewaydiagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`vpnClientAadConfiguration`](#parameter-vpnclientaadconfiguration) | object | Configuration for AAD Authentication for P2S Tunnel Type, Cannot be configured if clientRootCertData is provided. | +| [`vpnClientAddressPoolPrefix`](#parameter-vpnclientaddresspoolprefix) | string | The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network. | +| [`vpnGatewayGeneration`](#parameter-vpngatewaygeneration) | string | The generation for this VirtualNetworkGateway. Must be None if virtualNetworkGatewayType is not VPN. | +| [`vpnType`](#parameter-vpntype) | string | Specifies the VPN type. | + +### Parameter: `activeActive` + +Value to specify if the Gateway should be deployed in active-active or active-passive configuration. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `activeGatewayPipName` + +Specifies the name of the Public IP used by the Virtual Network Gateway when active-active configuration is required. 
If it's not provided, a '-pip' suffix will be appended to the gateway's name. +- Required: No +- Type: string +- Default: `[format('{0}-pip2', parameters('name'))]` + +### Parameter: `allowRemoteVnetTraffic` + +Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `allowVirtualWanTraffic` + +Configures this gateway to accept traffic from remote Virtual WAN networks. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `asn` + +ASN value. +- Required: No +- Type: int +- Default: `65815` + +### Parameter: `clientRevokedCertThumbprint` + +Thumbprint of the revoked certificate. This would revoke VPN client certificates matching this thumbprint from connecting to the VNet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientRootCertData` + +Client root certificate data used to authenticate VPN clients. Cannot be configured if vpnClientAadConfiguration is provided. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableIPSecReplayProtection` + +disableIPSecReplayProtection flag. Used for VPN Gateways. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `domainNameLabel` + +DNS name(s) of the Public IP resource(s). If you enabled active-active configuration, you need to provide 2 DNS names, if you want to use this feature. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableBgp` + +Value to specify if BGP is enabled or not. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableBgpRouteTranslationForNat` + +EnableBgpRouteTranslationForNat flag. Can only be used when "natRules" are enabled on the Virtual Network Gateway. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDnsForwarding` + +Whether DNS forwarding is enabled or not and is only supported for Express Route Gateways. The DNS forwarding feature flag must be enabled on the current subscription. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enablePrivateIpAddress` + +Whether private IP needs to be enabled on this gateway for connections or not. Used for configuring a Site-to-Site VPN connection over ExpressRoute private peering. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `gatewayDefaultSiteLocalNetworkGatewayId` + +The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `gatewayPipName` + +Specifies the name of the Public IP used by the Virtual Network Gateway. If it's not provided, a '-pip' suffix will be appended to the gateway's name. +- Required: No +- Type: string +- Default: `[format('{0}-pip1', parameters('name'))]` + +### Parameter: `gatewayType` + +Specifies the gateway type. E.g. VPN, ExpressRoute. +- Required: Yes +- Type: string +- Allowed: `[ExpressRoute, Vpn]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Specifies the Virtual Network Gateway name. +- Required: Yes +- Type: string + +### Parameter: `natRules` + +NatRules for virtual network gateway. NAT is supported on the the following SKUs: VpnGw2~5, VpnGw2AZ~5AZ and is supported for IPsec/IKE cross-premises connections only. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicIpdiagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` + +### Parameter: `publicIpDiagnosticSettingsName` + +The name of the public IP diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `publicIPPrefixResourceId` + +Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `publicIpZones` + +Specifies the zones of the Public IP address. Basic IP SKU does not support Availability Zones. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +The SKU of the Gateway. +- Required: Yes +- Type: string +- Allowed: `[Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualNetworkGatewaydiagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, GatewayDiagnosticLog, IKEDiagnosticLog, P2SDiagnosticLog, RouteDiagnosticLog, TunnelDiagnosticLog]` + +### Parameter: `vNetResourceId` + +Virtual Network resource ID. +- Required: Yes +- Type: string + +### Parameter: `vpnClientAadConfiguration` + +Configuration for AAD Authentication for P2S Tunnel Type, Cannot be configured if clientRootCertData is provided. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vpnClientAddressPoolPrefix` + +The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `vpnGatewayGeneration` + +The generation for this VirtualNetworkGateway. Must be None if virtualNetworkGatewayType is not VPN. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[Generation1, Generation2, None]` + +### Parameter: `vpnType` + +Specifies the VPN type. +- Required: No +- Type: string +- Default: `'RouteBased'` +- Allowed: `[PolicyBased, RouteBased]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `activeActive` | bool | Shows if the virtual network gateway is configured in active-active mode. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the virtual network gateway. | +| `resourceGroupName` | string | The resource group the virtual network gateway was deployed. | +| `resourceId` | string | The resource ID of the virtual network gateway. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/public-ip-address` | Local reference | diff --git a/modules/network/virtual-network-gateway/main.json b/modules/network/virtual-network-gateway/main.json index 18b0232c89..0404971daa 100644 --- a/modules/network/virtual-network-gateway/main.json +++ b/modules/network/virtual-network-gateway/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8459366170014558708" + "version": "0.22.6.54827", + "templateHash": "1318421731566619997" }, "name": "Virtual Network Gateways", "description": "This module deploys a Virtual Network Gateway.", @@ -539,8 +539,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1887898957722092173" + "version": "0.22.6.54827", + "templateHash": "4317747709004918530" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -873,8 +873,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7328126239184883887" + "version": "0.22.6.54827", + "templateHash": "9976109177347918049" } }, "parameters": { @@ -1092,8 +1092,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "483133118459920914" + "version": "0.22.6.54827", + "templateHash": "14778714560462406442" }, "name": "VPN Gateway NAT Rules", "description": "This module deploys a Virtual Network Gateway NAT Rule.", @@ -1256,8 +1256,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10035364843796427917" + "version": "0.22.6.54827", + "templateHash": "3489304115292603489" } }, "parameters": { diff --git a/modules/network/virtual-network-gateway/nat-rule/README.md b/modules/network/virtual-network-gateway/nat-rule/README.md index 3cd7056388..9bb8945e60 100644 --- a/modules/network/virtual-network-gateway/nat-rule/README.md +++ b/modules/network/virtual-network-gateway/nat-rule/README.md 
@@ -19,31 +19,87 @@ This module deploys a Virtual Network Gateway NAT Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the NAT rule. | +| [`name`](#parameter-name) | string | The name of the NAT rule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `virtualNetworkGatewayName` | string | The name of the parent Virtual Network Gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. | +| [`virtualNetworkGatewayName`](#parameter-virtualnetworkgatewayname) | string | The name of the parent Virtual Network Gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `externalMappings` | array | `[]` | | An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range. | -| `internalMappings` | array | `[]` | | An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range. | -| `ipConfigurationId` | string | `''` | | A NAT rule must be configured to a specific Virtual Network Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both Virtual Network Gateway instances. | -| `mode` | string | `''` | `['', EgressSnat, IngressSnat]` | The type of NAT rule for Virtual Network NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site Virtual Network gateway. 
EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site Virtual Network gateway. | -| `type` | string | `''` | `['', Dynamic, Static]` | The type of NAT rule for Virtual Network NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`externalMappings`](#parameter-externalmappings) | array | An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range. | +| [`internalMappings`](#parameter-internalmappings) | array | An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range. | +| [`ipConfigurationId`](#parameter-ipconfigurationid) | string | A NAT rule must be configured to a specific Virtual Network Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both Virtual Network Gateway instances. | +| [`mode`](#parameter-mode) | string | The type of NAT rule for Virtual Network NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site Virtual Network gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site Virtual Network gateway. | +| [`type`](#parameter-type) | string | The type of NAT rule for Virtual Network NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. 
| + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `externalMappings` + +An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `internalMappings` + +An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ipConfigurationId` + +A NAT rule must be configured to a specific Virtual Network Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both Virtual Network Gateway instances. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `mode` + +The type of NAT rule for Virtual Network NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site Virtual Network gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site Virtual Network gateway. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', EgressSnat, IngressSnat]` + +### Parameter: `name` + +The name of the NAT rule. +- Required: Yes +- Type: string + +### Parameter: `type` + +The type of NAT rule for Virtual Network NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Dynamic, Static]` + +### Parameter: `virtualNetworkGatewayName` + +The name of the parent Virtual Network Gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the NAT rule. | | `resourceGroupName` | string | The name of the resource group the NAT rule was deployed into. | diff --git a/modules/network/virtual-network-gateway/nat-rule/main.json b/modules/network/virtual-network-gateway/nat-rule/main.json index 5969b6ecce..8435d984f4 100644 --- a/modules/network/virtual-network-gateway/nat-rule/main.json +++ b/modules/network/virtual-network-gateway/nat-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "483133118459920914" + "version": "0.22.6.54827", + "templateHash": "14778714560462406442" }, "name": "VPN Gateway NAT Rules", "description": "This module deploys a Virtual Network Gateway NAT Rule.", diff --git a/modules/network/virtual-network/.test/common/main.test.bicep b/modules/network/virtual-network/.test/common/main.test.bicep index c0552ce142..832c76cfc0 100644 --- a/modules/network/virtual-network/.test/common/main.test.bicep +++ b/modules/network/virtual-network/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/virtual-network/.test/min/main.test.bicep b/modules/network/virtual-network/.test/min/main.test.bicep index 7148de4655..1cd5b5d90a 100644 --- a/modules/network/virtual-network/.test/min/main.test.bicep +++ b/modules/network/virtual-network/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // 
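Review bot: In `modules/network/virtual-network-gateway/nat-rule/README.md`, the generated `### Parameter: virtualNetworkGatewayName` section states `- Required: Yes`, but the table in the same hunk lists the parameter under **Conditional parameters** with the text "Required if the template is used in a standalone deployment". A reader who jumps to the detail section through the new `#parameter-virtualnetworkgatewayname` link gets a different answer than the table gives. Suggest the generator emit a distinct value for conditional parameters (for example `- Required: Conditional`, a hypothetical label) instead of folding them into `Yes`.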
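Review bot: In `modules/network/virtual-network-gateway/README.md`, the regenerated `### Parameter: disableIPSecReplayProtection` section carries over the description "disableIPSecReplayProtection flag. Used for VPN Gateways.", which only restates the name of a setting that turns a protection off. Since the README is generated from the template, suggest rewording the description at its source so the section says what setting the flag to true disables and that the default `False` leaves replay protection on. The `natRules` description regenerated in the same hunk still reads "supported on the the following SKUs" and can be fixed at the source in the same pass.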
diff --git a/modules/network/virtual-network/README.md b/modules/network/virtual-network/README.md index 17c45fe91e..cff0a58411 100644 --- a/modules/network/virtual-network/README.md +++ b/modules/network/virtual-network/README.md @@ -4,14 +4,14 @@ This module deploys a Virtual Network (vNet). ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
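Review bot: the navigation entries in this hunk use capitalised fragments (`#Resource-Types`, `#Usage-examples`), while the links generated further down in the same README are all lowercase (`#example-1-using-large-parameter-set`, `#parameter-addressprefixes`). On any renderer that produces lowercase heading slugs and matches them case-sensitively, the second kind resolves and the first does not, so the generator should emit lowercase fragments for the navigation list too. The heading rename is also inconsistent: `Resource Types` becomes title case while `Usage examples` and `Cross-referenced modules` stay sentence case.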
@@ -22,71 +22,29 @@ This module deploys a Virtual Network (vNet). | `Microsoft.Network/virtualNetworks/subnets` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualNetworks/subnets) | | `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualNetworks/virtualNetworkPeerings) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `addressPrefixes` | array | An Array of 1 or more IP Address Prefixes for the Virtual Network. | -| `name` | string | The Virtual Network (vNet) Name. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.virtual-network:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `ddosProtectionPlanId` | string | `''` | | Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. 
Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, VMProtectionAlerts]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `dnsServers` | array | `[]` | | DNS Servers associated to the Virtual Network. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `flowTimeoutInMinutes` | int | `0` | | The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `peerings` | array | `[]` | | Virtual Network Peerings configurations. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `subnets` | array | `[]` | | An Array of subnets to deploy to the Virtual Network. 
| -| `tags` | object | `{object}` | | Tags of the resource. | -| `vnetEncryption` | bool | `False` | | Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. Requires the EnableVNetEncryption feature to be registered for the subscription and a supported region to use this property. | -| `vnetEncryptionEnforcement` | string | `'AllowUnencrypted'` | `[AllowUnencrypted, DropUnencrypted]` | If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +- [Vnetpeering](#example-3-vnetpeering) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `diagnosticsLogs` | array | The Diagnostic Settings of the virtual network. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the virtual network. | -| `resourceGroupName` | string | The resource group the virtual network was deployed into. | -| `resourceId` | string | The resource ID of the virtual network. | -| `subnetNames` | array | The names of the deployed subnets. | -| `subnetResourceIds` | array | The resource IDs of the deployed subnets. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module virtualNetwork './network/virtual-network/main.bicep' = { +module virtualNetwork 'br:bicep/modules/network.virtual-network:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvncom' params: { // Required parameters @@ -294,14 +252,17 @@ module virtualNetwork './network/virtual-network/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module virtualNetwork './network/virtual-network/main.bicep' = { +module virtualNetwork 'br:bicep/modules/network.virtual-network:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvnmin' params: { // Required parameters @@ -347,14 +308,14 @@ module virtualNetwork './network/virtual-network/main.bicep' = {

-

Example 3: Vnetpeering

+### Example 3: _Vnetpeering_
via Bicep module ```bicep -module virtualNetwork './network/virtual-network/main.bicep' = { +module virtualNetwork 'br:bicep/modules/network.virtual-network:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvnpeer' params: { // Required parameters @@ -455,6 +416,205 @@ module virtualNetwork './network/virtual-network/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`addressPrefixes`](#parameter-addressprefixes) | array | An Array of 1 or more IP Address Prefixes for the Virtual Network. | +| [`name`](#parameter-name) | string | The Virtual Network (vNet) Name. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`ddosProtectionPlanId`](#parameter-ddosprotectionplanid) | string | Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. 
| +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`dnsServers`](#parameter-dnsservers) | array | DNS Servers associated to the Virtual Network. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`flowTimeoutInMinutes`](#parameter-flowtimeoutinminutes) | int | The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`peerings`](#parameter-peerings) | array | Virtual Network Peerings configurations. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`subnets`](#parameter-subnets) | array | An Array of subnets to deploy to the Virtual Network. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`vnetEncryption`](#parameter-vnetencryption) | bool | Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. Requires the EnableVNetEncryption feature to be registered for the subscription and a supported region to use this property. | +| [`vnetEncryptionEnforcement`](#parameter-vnetencryptionenforcement) | string | If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled. 
| + +### Parameter: `addressPrefixes` + +An Array of 1 or more IP Address Prefixes for the Virtual Network. +- Required: Yes +- Type: array + +### Parameter: `ddosProtectionPlanId` + +Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, VMProtectionAlerts]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `dnsServers` + +DNS Servers associated to the Virtual Network. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `flowTimeoutInMinutes` + +The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The Virtual Network (vNet) Name. +- Required: Yes +- Type: string + +### Parameter: `peerings` + +Virtual Network Peerings configurations. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subnets` + +An Array of subnets to deploy to the Virtual Network. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vnetEncryption` + +Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. 
Requires the EnableVNetEncryption feature to be registered for the subscription and a supported region to use this property. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `vnetEncryptionEnforcement` + +If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled. +- Required: No +- Type: string +- Default: `'AllowUnencrypted'` +- Allowed: `[AllowUnencrypted, DropUnencrypted]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `diagnosticsLogs` | array | The Diagnostic Settings of the virtual network. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the virtual network. | +| `resourceGroupName` | string | The resource group the virtual network was deployed into. | +| `resourceId` | string | The resource ID of the virtual network. | +| `subnetNames` | array | The names of the deployed subnets. | +| `subnetResourceIds` | array | The resource IDs of the deployed subnets. | + +## Cross-referenced modules + +_None_ + ## Notes ### Considerations diff --git a/modules/network/virtual-network/main.json b/modules/network/virtual-network/main.json index d246cbd6f8..2da9232c9d 100644 --- a/modules/network/virtual-network/main.json +++ b/modules/network/virtual-network/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12861814735026825278" + "version": "0.22.6.54827", + "templateHash": "6996162426151376576" }, "name": "Virtual Networks", "description": "This module deploys a Virtual Network (vNet).", @@ -341,8 +341,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13147389264555337469" + "version": "0.22.6.54827", + "templateHash": "8758167910677571979" }, "name": "Virtual Network Subnets", "description": "This module deploys a Virtual Network Subnet.", 
@@ -537,8 +537,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15642916335871461785" + "version": "0.22.6.54827", + "templateHash": "3698261669800089456" } }, "parameters": { @@ -760,8 +760,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10823477125090405647" + "version": "0.22.6.54827", + "templateHash": "18346996432273628410" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering.", @@ -929,8 +929,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10823477125090405647" + "version": "0.22.6.54827", + "templateHash": "18346996432273628410" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering.", @@ -1093,8 +1093,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "826837070159019998" + "version": "0.22.6.54827", + "templateHash": "9735784247686217836" } }, "parameters": { diff --git a/modules/network/virtual-network/subnet/README.md b/modules/network/virtual-network/subnet/README.md index 8a9dfc4089..643c00ebdc 100644 --- a/modules/network/virtual-network/subnet/README.md +++ b/modules/network/virtual-network/subnet/README.md 
@@ -21,39 +21,150 @@ This module deploys a Virtual Network Subnet. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `addressPrefix` | string | The address prefix for the subnet. | +| [`addressPrefix`](#parameter-addressprefix) | string | The address prefix for the subnet. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `virtualNetworkName` | string | The name of the parent virtual network. Required if the template is used in a standalone deployment. | +| [`virtualNetworkName`](#parameter-virtualnetworkname) | string | The name of the parent virtual network. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `addressPrefixes` | array | `[]` | | List of address prefixes for the subnet. | -| `applicationGatewayIPConfigurations` | array | `[]` | | Application gateway IP configurations of virtual network resource. | -| `delegations` | array | `[]` | | The delegations to enable on the subnet. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ipAllocations` | array | `[]` | | Array of IpAllocation which reference this subnet. | -| `name` | string | | | The Name of the subnet resource. | -| `natGatewayId` | string | `''` | | The resource ID of the NAT Gateway to use for the subnet. | -| `networkSecurityGroupId` | string | `''` | | The resource ID of the network security group to assign to the subnet. | -| `privateEndpointNetworkPolicies` | string | `''` | `['', Disabled, Enabled]` | enable or disable apply network policies on private endpoint in the subnet. 
| -| `privateLinkServiceNetworkPolicies` | string | `''` | `['', Disabled, Enabled]` | enable or disable apply network policies on private link service in the subnet. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `routeTableId` | string | `''` | | The resource ID of the route table to assign to the subnet. | -| `serviceEndpointPolicies` | array | `[]` | | An array of service endpoint policies. | -| `serviceEndpoints` | array | `[]` | | The service endpoints to enable on the subnet. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`addressPrefixes`](#parameter-addressprefixes) | array | List of address prefixes for the subnet. | +| [`applicationGatewayIPConfigurations`](#parameter-applicationgatewayipconfigurations) | array | Application gateway IP configurations of virtual network resource. | +| [`delegations`](#parameter-delegations) | array | The delegations to enable on the subnet. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ipAllocations`](#parameter-ipallocations) | array | Array of IpAllocation which reference this subnet. | +| [`name`](#parameter-name) | string | The Name of the subnet resource. | +| [`natGatewayId`](#parameter-natgatewayid) | string | The resource ID of the NAT Gateway to use for the subnet. | +| [`networkSecurityGroupId`](#parameter-networksecuritygroupid) | string | The resource ID of the network security group to assign to the subnet. 
| +| [`privateEndpointNetworkPolicies`](#parameter-privateendpointnetworkpolicies) | string | enable or disable apply network policies on private endpoint in the subnet. | +| [`privateLinkServiceNetworkPolicies`](#parameter-privatelinkservicenetworkpolicies) | string | enable or disable apply network policies on private link service in the subnet. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`routeTableId`](#parameter-routetableid) | string | The resource ID of the route table to assign to the subnet. | +| [`serviceEndpointPolicies`](#parameter-serviceendpointpolicies) | array | An array of service endpoint policies. | +| [`serviceEndpoints`](#parameter-serviceendpoints) | array | The service endpoints to enable on the subnet. | + +### Parameter: `addressPrefix` + +The address prefix for the subnet. +- Required: Yes +- Type: string + +### Parameter: `addressPrefixes` + +List of address prefixes for the subnet. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `applicationGatewayIPConfigurations` + +Application gateway IP configurations of virtual network resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `delegations` + +The delegations to enable on the subnet. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ipAllocations` + +Array of IpAllocation which reference this subnet. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The Name of the subnet resource. +- Required: Yes +- Type: string + +### Parameter: `natGatewayId` + +The resource ID of the NAT Gateway to use for the subnet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `networkSecurityGroupId` + +The resource ID of the network security group to assign to the subnet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `privateEndpointNetworkPolicies` + +enable or disable apply network policies on private endpoint in the subnet. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `privateLinkServiceNetworkPolicies` + +enable or disable apply network policies on private link service in the subnet. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `routeTableId` + +The resource ID of the route table to assign to the subnet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serviceEndpointPolicies` + +An array of service endpoint policies. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceEndpoints` + +The service endpoints to enable on the subnet. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `virtualNetworkName` + +The name of the parent virtual network. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the virtual network peering. | | `resourceGroupName` | string | The resource group the virtual network peering was deployed into. | diff --git a/modules/network/virtual-network/subnet/main.json b/modules/network/virtual-network/subnet/main.json index aa1af62d0a..084f994df1 100644 --- a/modules/network/virtual-network/subnet/main.json +++ b/modules/network/virtual-network/subnet/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17563066367289258796" + "version": "0.22.6.54827", + "templateHash": "8758167910677571979" }, "name": "Virtual Network Subnets", "description": "This module deploys a Virtual Network Subnet.", @@ -200,8 +200,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11765890115463110578" + "version": "0.22.6.54827", + "templateHash": "3698261669800089456" } }, "parameters": { diff --git a/modules/network/virtual-network/virtual-network-peering/README.md b/modules/network/virtual-network/virtual-network-peering/README.md index f5dd0935e8..fb53ca2d3f 100644 --- a/modules/network/virtual-network/virtual-network-peering/README.md +++ b/modules/network/virtual-network/virtual-network-peering/README.md @@ -4,12 +4,12 @@ This module deploys a Virtual Network Peering. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
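Review bot: in the regenerated `subnet/README.md`, the new per-parameter sections contradict the tables above them. `name` is listed under **Optional parameters** but its section says `Required: Yes`, and `virtualNetworkName` is listed under **Conditional parameters** ("Required if the template is used in a standalone deployment") yet is also rendered as `Required: Yes`. The removed table row for `name` had an empty default column, which suggests the flag is derived from "has no default value" rather than from the category used to build the tables. Either move `name` to the required table by fixing its description category in the template, or derive the `Required` line from the same category, with a distinct wording for conditional parameters. The same `Required: Yes` on a conditional parameter shows up for `localVnetName` in `virtual-network-peering/README.md` and for `virtualNetworkGatewayName` in the NAT rule README.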
@@ -19,32 +19,93 @@ This module deploys a Virtual Network Peering. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `remoteVirtualNetworkId` | string | The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID. | +| [`remoteVirtualNetworkId`](#parameter-remotevirtualnetworkid) | string | The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `localVnetName` | string | The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment. | +| [`localVnetName`](#parameter-localvnetname) | string | The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `allowForwardedTraffic` | bool | `True` | Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true. | -| `allowGatewayTransit` | bool | `False` | If gateway links can be used in remote virtual networking to link to this virtual network. Default is false. | -| `allowVirtualNetworkAccess` | bool | `True` | Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true. | -| `doNotVerifyRemoteGateways` | bool | `True` | If we need to verify the provisioning state of the remote gateway. Default is true. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `name` | string | `[format('{0}-{1}', parameters('localVnetName'), last(split(parameters('remoteVirtualNetworkId'), '/')))]` | The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName. | -| `useRemoteGateways` | bool | `False` | If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowForwardedTraffic`](#parameter-allowforwardedtraffic) | bool | Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true. | +| [`allowGatewayTransit`](#parameter-allowgatewaytransit) | bool | If gateway links can be used in remote virtual networking to link to this virtual network. Default is false. | +| [`allowVirtualNetworkAccess`](#parameter-allowvirtualnetworkaccess) | bool | Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true. | +| [`doNotVerifyRemoteGateways`](#parameter-donotverifyremotegateways) | bool | If we need to verify the provisioning state of the remote gateway. Default is true. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName. | +| [`useRemoteGateways`](#parameter-useremotegateways) | bool | If remote gateways can be used on this virtual network. 
If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false. | + +### Parameter: `allowForwardedTraffic` + +Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `allowGatewayTransit` + +If gateway links can be used in remote virtual networking to link to this virtual network. Default is false. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `allowVirtualNetworkAccess` + +Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `doNotVerifyRemoteGateways` + +If we need to verify the provisioning state of the remote gateway. Default is true. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `localVnetName` + +The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName. +- Required: No +- Type: string +- Default: `[format('{0}-{1}', parameters('localVnetName'), last(split(parameters('remoteVirtualNetworkId'), '/')))]` + +### Parameter: `remoteVirtualNetworkId` + +The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID. 
+- Required: Yes +- Type: string + +### Parameter: `useRemoteGateways` + +If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false. +- Required: No +- Type: bool +- Default: `False` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the virtual network peering. | | `resourceGroupName` | string | The resource group the virtual network peering was deployed into. | diff --git a/modules/network/virtual-network/virtual-network-peering/main.json b/modules/network/virtual-network/virtual-network-peering/main.json index 50c7a9f2a1..a7efe2dec6 100644 --- a/modules/network/virtual-network/virtual-network-peering/main.json +++ b/modules/network/virtual-network/virtual-network-peering/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6880392752659964193" + "version": "0.22.6.54827", + "templateHash": "18346996432273628410" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering.", diff --git a/modules/network/virtual-wan/.test/common/main.test.bicep b/modules/network/virtual-wan/.test/common/main.test.bicep index 5b281b7b92..ab7ace98d9 100644 --- a/modules/network/virtual-wan/.test/common/main.test.bicep +++ b/modules/network/virtual-wan/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // 
diff --git a/modules/network/virtual-wan/.test/min/main.test.bicep b/modules/network/virtual-wan/.test/min/main.test.bicep index edcf6fe066..8247a6e863 100644 --- a/modules/network/virtual-wan/.test/min/main.test.bicep +++ b/modules/network/virtual-wan/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/virtual-wan/README.md b/modules/network/virtual-wan/README.md index 8039719c7c..4d6f442bb2 100644 --- a/modules/network/virtual-wan/README.md +++ b/modules/network/virtual-wan/README.md @@ -4,13 +4,13 @@ This module deploys a Virtual WAN. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
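Review bot: The navigation links in this hunk of modules/network/virtual-wan/README.md use mixed-case fragments (`#Resource-Types`, `#Usage-examples`), while the parameter links the same change adds further down this README are all lowercase (`#parameter-name`, `#parameter-lock`). Heading ids rendered on GitHub are lowercase, so I would have the generator emit `#resource-types`, `#usage-examples` and so on. That keeps the two link styles consistent and stops the navigation from depending on case-insensitive fragment matching in whatever renders the file.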
@@ -18,57 +18,28 @@ This module deploys a Virtual WAN. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/virtualWans` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualWans) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Virtual WAN. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowBranchToBranchTraffic` | bool | `False` | | True if branch to branch traffic is allowed. | -| `allowVnetToVnetTraffic` | bool | `False` | | True if VNET to VNET traffic is allowed. | -| `disableVpnEncryption` | bool | `False` | | VPN encryption to be disabled or not. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location where all resources will be created. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `type` | string | `'Standard'` | `[Basic, Standard]` | The type of the Virtual WAN. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. 
For a full reference, please review the module's test folder in its repository. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the virtual WAN. | -| `resourceGroupName` | string | The resource group the virtual WAN was deployed into. | -| `resourceId` | string | The resource ID of the virtual WAN. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.virtual-wan:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module virtualWan './network/virtual-wan/main.bicep' = { +module virtualWan 'br:bicep/modules/network.virtual-wan:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvwcom' params: { // Required parameters @@ -158,14 +129,17 @@ module virtualWan './network/virtual-wan/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module virtualWan './network/virtual-wan/main.bicep' = { +module virtualWan 'br:bicep/modules/network.virtual-wan:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvwmin' params: { // Required parameters @@ -202,3 +176,111 @@ module virtualWan './network/virtual-wan/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Virtual WAN. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowBranchToBranchTraffic`](#parameter-allowbranchtobranchtraffic) | bool | True if branch to branch traffic is allowed. | +| [`allowVnetToVnetTraffic`](#parameter-allowvnettovnettraffic) | bool | True if VNET to VNET traffic is allowed. | +| [`disableVpnEncryption`](#parameter-disablevpnencryption) | bool | VPN encryption to be disabled or not. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location where all resources will be created. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`type`](#parameter-type) | string | The type of the Virtual WAN. | + +### Parameter: `allowBranchToBranchTraffic` + +True if branch to branch traffic is allowed. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `allowVnetToVnetTraffic` + +True if VNET to VNET traffic is allowed. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `disableVpnEncryption` + +VPN encryption to be disabled or not. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location where all resources will be created. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Virtual WAN. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `type` + +The type of the Virtual WAN. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Basic, Standard]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the virtual WAN. | +| `resourceGroupName` | string | The resource group the virtual WAN was deployed into. | +| `resourceId` | string | The resource ID of the virtual WAN. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/virtual-wan/main.json b/modules/network/virtual-wan/main.json index 7d82f973b8..f7c0e84e62 100644 --- a/modules/network/virtual-wan/main.json +++ b/modules/network/virtual-wan/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2653906358986045673" + "version": "0.22.6.54827", + "templateHash": "6166970702359791938" }, "name": "Virtual WANs", "description": "This module deploys a Virtual WAN.", @@ -167,8 +167,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6282617647386769433" + "version": "0.22.6.54827", + "templateHash": "2713904896388571012" } }, "parameters": { diff --git a/modules/network/vpn-gateway/.test/common/main.test.bicep b/modules/network/vpn-gateway/.test/common/main.test.bicep index 757556890f..7496548a25 100644 --- a/modules/network/vpn-gateway/.test/common/main.test.bicep +++ b/modules/network/vpn-gateway/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/vpn-gateway/.test/min/main.test.bicep b/modules/network/vpn-gateway/.test/min/main.test.bicep index 4e11cce7a9..f050ca9adc 100644 --- a/modules/network/vpn-gateway/.test/min/main.test.bicep +++ b/modules/network/vpn-gateway/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/vpn-gateway/README.md b/modules/network/vpn-gateway/README.md index 8fd26e019d..67cfe344a8 100644 --- a/modules/network/vpn-gateway/README.md +++ b/modules/network/vpn-gateway/README.md 
@@ -5,10 +5,10 @@ This module deploys a VPN Gateway. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
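Review bot: Removing `- [Deployment examples](#Deployment-examples)` from the navigation of modules/network/vpn-gateway/README.md goes with renaming that section to `## Usage examples`, so the old fragment stops resolving for anything that deep-links to it. Please search the wiki and the other module READMEs for `#Deployment-examples` before merging and update those links, or call out the rename in the PR description.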
@@ -20,59 +20,28 @@ This module deploys a VPN Gateway. | `Microsoft.Network/vpnGateways/natRules` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/vpnGateways/natRules) | | `Microsoft.Network/vpnGateways/vpnConnections` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/vpnGateways/vpnConnections) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the VPN gateway. | -| `virtualHubResourceId` | string | The resource ID of a virtual Hub to connect to. Note: The virtual Hub and Gateway must be deployed into the same location. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `bgpSettings` | object | `{object}` | | BGP settings details. | -| `enableBgpRouteTranslationForNat` | bool | `False` | | Enable BGP routes translation for NAT on this VPN gateway. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `isRoutingPreferenceInternet` | bool | `False` | | Enable routing preference property for the public IP interface of the VPN gateway. | -| `location` | string | `[resourceGroup().location]` | | Location where all resources will be created. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `natRules` | array | `[]` | | List of all the NAT Rules to associate with the gateway. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `vpnConnections` | array | `[]` | | The VPN connections to create in the VPN gateway. 
| -| `vpnGatewayScaleUnit` | int | `2` | | The scale unit for this VPN gateway. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the VPN gateway. | -| `resourceGroupName` | string | The name of the resource group the VPN gateway was deployed into. | -| `resourceId` | string | The resource ID of the VPN gateway. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.vpn-gateway:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module vpnGateway './network/vpn-gateway/main.bicep' = { +module vpnGateway 'br:bicep/modules/network.vpn-gateway:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvgcom' params: { // Required parameters @@ -206,14 +175,17 @@ module vpnGateway './network/vpn-gateway/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module vpnGateway './network/vpn-gateway/main.bicep' = { +module vpnGateway 'br:bicep/modules/network.vpn-gateway:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvgmin' params: { // Required parameters @@ -256,6 +228,127 @@ module vpnGateway './network/vpn-gateway/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the VPN gateway. | +| [`virtualHubResourceId`](#parameter-virtualhubresourceid) | string | The resource ID of a virtual Hub to connect to. Note: The virtual Hub and Gateway must be deployed into the same location. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`bgpSettings`](#parameter-bgpsettings) | object | BGP settings details. | +| [`enableBgpRouteTranslationForNat`](#parameter-enablebgproutetranslationfornat) | bool | Enable BGP routes translation for NAT on this VPN gateway. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`isRoutingPreferenceInternet`](#parameter-isroutingpreferenceinternet) | bool | Enable routing preference property for the public IP interface of the VPN gateway. | +| [`location`](#parameter-location) | string | Location where all resources will be created. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`natRules`](#parameter-natrules) | array | List of all the NAT Rules to associate with the gateway. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`vpnConnections`](#parameter-vpnconnections) | array | The VPN connections to create in the VPN gateway. | +| [`vpnGatewayScaleUnit`](#parameter-vpngatewayscaleunit) | int | The scale unit for this VPN gateway. | + +### Parameter: `bgpSettings` + +BGP settings details. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableBgpRouteTranslationForNat` + +Enable BGP routes translation for NAT on this VPN gateway. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `isRoutingPreferenceInternet` + +Enable routing preference property for the public IP interface of the VPN gateway. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +Location where all resources will be created. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the VPN gateway. +- Required: Yes +- Type: string + +### Parameter: `natRules` + +List of all the NAT Rules to associate with the gateway. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualHubResourceId` + +The resource ID of a virtual Hub to connect to. Note: The virtual Hub and Gateway must be deployed into the same location. +- Required: Yes +- Type: string + +### Parameter: `vpnConnections` + +The VPN connections to create in the VPN gateway. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `vpnGatewayScaleUnit` + +The scale unit for this VPN gateway. +- Required: No +- Type: int +- Default: `2` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the VPN gateway. | +| `resourceGroupName` | string | The name of the resource group the VPN gateway was deployed into. | +| `resourceId` | string | The resource ID of the VPN gateway. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `bgpSettings` diff --git a/modules/network/vpn-gateway/main.json b/modules/network/vpn-gateway/main.json index d3ab277ddd..16bd090a25 100644 --- a/modules/network/vpn-gateway/main.json +++ b/modules/network/vpn-gateway/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7609266096220214410" + "version": "0.22.6.54827", + "templateHash": "9631635231747205865" }, "name": "VPN Gateways", "description": "This module deploys a VPN Gateway.", @@ -183,8 +183,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6459241670864504569" + "version": "0.22.6.54827", + "templateHash": "4165642550711844737" }, "name": "VPN Gateway NAT Rules", "description": "This module deploys a VPN Gateway NAT Rule.", @@ -357,8 +357,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9210756491180563718" + "version": "0.22.6.54827", + "templateHash": "13660788048333105050" }, "name": "VPN Gateway VPN Connections", "description": "This module deploys a VPN Gateway VPN Connection.", diff --git a/modules/network/vpn-gateway/nat-rule/README.md b/modules/network/vpn-gateway/nat-rule/README.md index 6155ca0fc1..8ce3c4b7a9 100644 --- a/modules/network/vpn-gateway/nat-rule/README.md +++ b/modules/network/vpn-gateway/nat-rule/README.md 
@@ -19,31 +19,87 @@ This module deploys a VPN Gateway NAT Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the NAT rule. | +| [`name`](#parameter-name) | string | The name of the NAT rule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `vpnGatewayName` | string | The name of the parent VPN gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. | +| [`vpnGatewayName`](#parameter-vpngatewayname) | string | The name of the parent VPN gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `externalMappings` | array | `[]` | | An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range. | -| `internalMappings` | array | `[]` | | An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range. | -| `ipConfigurationId` | string | `''` | | A NAT rule must be configured to a specific VPN Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both VPN Gateway instances. | -| `mode` | string | `''` | `['', EgressSnat, IngressSnat]` | The type of NAT rule for VPN NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site VPN gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site VPN gateway. 
| -| `type` | string | `''` | `['', Dynamic, Static]` | The type of NAT rule for VPN NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`externalMappings`](#parameter-externalmappings) | array | An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range. | +| [`internalMappings`](#parameter-internalmappings) | array | An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range. | +| [`ipConfigurationId`](#parameter-ipconfigurationid) | string | A NAT rule must be configured to a specific VPN Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both VPN Gateway instances. | +| [`mode`](#parameter-mode) | string | The type of NAT rule for VPN NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site VPN gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site VPN gateway. | +| [`type`](#parameter-type) | string | The type of NAT rule for VPN NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `externalMappings` + +An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `internalMappings` + +An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ipConfigurationId` + +A NAT rule must be configured to a specific VPN Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both VPN Gateway instances. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `mode` + +The type of NAT rule for VPN NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site VPN gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site VPN gateway. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', EgressSnat, IngressSnat]` + +### Parameter: `name` + +The name of the NAT rule. +- Required: Yes +- Type: string + +### Parameter: `type` + +The type of NAT rule for VPN NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Dynamic, Static]` + +### Parameter: `vpnGatewayName` + +The name of the parent VPN gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the NAT rule. 
| | `resourceGroupName` | string | The name of the resource group the NAT rule was deployed into. | diff --git a/modules/network/vpn-gateway/nat-rule/main.json b/modules/network/vpn-gateway/nat-rule/main.json index 2bf42881b7..9be53d2e0d 100644 --- a/modules/network/vpn-gateway/nat-rule/main.json +++ b/modules/network/vpn-gateway/nat-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6991949008498259337" + "version": "0.22.6.54827", + "templateHash": "4165642550711844737" }, "name": "VPN Gateway NAT Rules", "description": "This module deploys a VPN Gateway NAT Rule.", diff --git a/modules/network/vpn-gateway/vpn-connection/README.md b/modules/network/vpn-gateway/vpn-connection/README.md index 624aacd235..76988787ad 100644 --- a/modules/network/vpn-gateway/vpn-connection/README.md +++ b/modules/network/vpn-gateway/vpn-connection/README.md 
@@ -20,40 +20,158 @@ This module deploys a VPN Gateway VPN Connection. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the VPN connection. | +| [`name`](#parameter-name) | string | The name of the VPN connection. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `vpnGatewayName` | string | The name of the parent VPN gateway this VPN connection is associated with. Required if the template is used in a standalone deployment. | +| [`vpnGatewayName`](#parameter-vpngatewayname) | string | The name of the parent VPN gateway this VPN connection is associated with. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `connectionBandwidth` | int | `10` | | Expected bandwidth in MBPS. | -| `enableBgp` | bool | `False` | | Enable BGP flag. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableInternetSecurity` | bool | `False` | | Enable internet security. | -| `enableRateLimiting` | bool | `False` | | Enable rate limiting. | -| `ipsecPolicies` | array | `[]` | | The IPSec policies to be considered by this connection. | -| `remoteVpnSiteResourceId` | string | `''` | | Reference to a VPN site to link to. | -| `routingConfiguration` | object | `{object}` | | Routing configuration indicating the associated and propagated route tables for this connection. | -| `routingWeight` | int | `0` | | Routing weight for VPN connection. | -| `sharedKey` | securestring | `''` | | SharedKey for the VPN connection. | -| `trafficSelectorPolicies` | array | `[]` | | The traffic selector policies to be considered by this connection. 
| -| `useLocalAzureIpAddress` | bool | `False` | | Use local Azure IP to initiate connection. | -| `usePolicyBasedTrafficSelectors` | bool | `False` | | Enable policy-based traffic selectors. | -| `vpnConnectionProtocolType` | string | `'IKEv2'` | `[IKEv1, IKEv2]` | Gateway connection protocol. | -| `vpnLinkConnections` | array | `[]` | | List of all VPN site link connections to the gateway. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`connectionBandwidth`](#parameter-connectionbandwidth) | int | Expected bandwidth in MBPS. | +| [`enableBgp`](#parameter-enablebgp) | bool | Enable BGP flag. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableInternetSecurity`](#parameter-enableinternetsecurity) | bool | Enable internet security. | +| [`enableRateLimiting`](#parameter-enableratelimiting) | bool | Enable rate limiting. | +| [`ipsecPolicies`](#parameter-ipsecpolicies) | array | The IPSec policies to be considered by this connection. | +| [`remoteVpnSiteResourceId`](#parameter-remotevpnsiteresourceid) | string | Reference to a VPN site to link to. | +| [`routingConfiguration`](#parameter-routingconfiguration) | object | Routing configuration indicating the associated and propagated route tables for this connection. | +| [`routingWeight`](#parameter-routingweight) | int | Routing weight for VPN connection. | +| [`sharedKey`](#parameter-sharedkey) | securestring | SharedKey for the VPN connection. | +| [`trafficSelectorPolicies`](#parameter-trafficselectorpolicies) | array | The traffic selector policies to be considered by this connection. | +| [`useLocalAzureIpAddress`](#parameter-uselocalazureipaddress) | bool | Use local Azure IP to initiate connection. | +| [`usePolicyBasedTrafficSelectors`](#parameter-usepolicybasedtrafficselectors) | bool | Enable policy-based traffic selectors. 
| +| [`vpnConnectionProtocolType`](#parameter-vpnconnectionprotocoltype) | string | Gateway connection protocol. | +| [`vpnLinkConnections`](#parameter-vpnlinkconnections) | array | List of all VPN site link connections to the gateway. | + +### Parameter: `connectionBandwidth` + +Expected bandwidth in MBPS. +- Required: No +- Type: int +- Default: `10` + +### Parameter: `enableBgp` + +Enable BGP flag. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableInternetSecurity` + +Enable internet security. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableRateLimiting` + +Enable rate limiting. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `ipsecPolicies` + +The IPSec policies to be considered by this connection. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The name of the VPN connection. +- Required: Yes +- Type: string + +### Parameter: `remoteVpnSiteResourceId` + +Reference to a VPN site to link to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `routingConfiguration` + +Routing configuration indicating the associated and propagated route tables for this connection. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `routingWeight` + +Routing weight for VPN connection. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `sharedKey` + +SharedKey for the VPN connection. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `trafficSelectorPolicies` + +The traffic selector policies to be considered by this connection. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `useLocalAzureIpAddress` + +Use local Azure IP to initiate connection. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `usePolicyBasedTrafficSelectors` + +Enable policy-based traffic selectors. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `vpnConnectionProtocolType` + +Gateway connection protocol. +- Required: No +- Type: string +- Default: `'IKEv2'` +- Allowed: `[IKEv1, IKEv2]` + +### Parameter: `vpnGatewayName` + +The name of the parent VPN gateway this VPN connection is associated with. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `vpnLinkConnections` + +List of all VPN site link connections to the gateway. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the VPN connection. | | `resourceGroupName` | string | The name of the resource group the VPN connection was deployed into. | diff --git a/modules/network/vpn-gateway/vpn-connection/main.json b/modules/network/vpn-gateway/vpn-connection/main.json index e626d18b2a..a4ad3b7923 100644 --- a/modules/network/vpn-gateway/vpn-connection/main.json +++ b/modules/network/vpn-gateway/vpn-connection/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9210756491180563718" + "version": "0.22.6.54827", + "templateHash": "13660788048333105050" }, "name": "VPN Gateway VPN Connections", "description": "This module deploys a VPN Gateway VPN Connection.", diff --git a/modules/network/vpn-site/.test/common/main.test.bicep b/modules/network/vpn-site/.test/common/main.test.bicep index e1b0470cd9..bfcbcbb6ad 100644 --- a/modules/network/vpn-site/.test/common/main.test.bicep +++ b/modules/network/vpn-site/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/vpn-site/.test/min/main.test.bicep b/modules/network/vpn-site/.test/min/main.test.bicep index f20486d112..7a564ddcfa 100644 --- a/modules/network/vpn-site/.test/min/main.test.bicep +++ b/modules/network/vpn-site/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/vpn-site/README.md b/modules/network/vpn-site/README.md index ea575095be..d231248df9 100644 --- a/modules/network/vpn-site/README.md +++ b/modules/network/vpn-site/README.md @@ -5,10 +5,10 @@ This module deploys a VPN Site. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
@@ -19,66 +19,28 @@ This module deploys a VPN Site. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/vpnSites` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/vpnSites) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the VPN Site. | -| `virtualWanId` | string | Resource ID of the virtual WAN to link to. | - -**Conditional parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `addressPrefixes` | array | An array of IP address ranges that can be used by subnets of the virtual network. Required if no bgpProperties or VPNSiteLinks are configured. | -| `bgpProperties` | object | BGP settings details. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. Required if no addressPrefixes or VPNSiteLinks are configured. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `deviceProperties` | object | `{object}` | | List of properties of the device. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ipAddress` | string | `''` | | The IP-address for the VPN-site. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. | -| `isSecuritySite` | bool | `False` | | IsSecuritySite flag. | -| `location` | string | `[resourceGroup().location]` | | Location where all resources will be created. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `o365Policy` | object | `{object}` | | The Office365 breakout policy. 
| -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `vpnSiteLinks` | array | `[]` | | List of all VPN site links. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the VPN site. | -| `resourceGroupName` | string | The resource group the VPN site was deployed into. | -| `resourceId` | string | The resource ID of the VPN site. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.vpn-site:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module vpnSite './network/vpn-site/main.bicep' = { +module vpnSite 'br:bicep/modules/network.vpn-site:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvscom' params: { // Required parameters @@ -242,14 +204,17 @@ module vpnSite './network/vpn-site/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module vpnSite './network/vpn-site/main.bicep' = { +module vpnSite 'br:bicep/modules/network.vpn-site:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nvsmin' params: { // Required parameters @@ -304,6 +269,148 @@ module vpnSite './network/vpn-site/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the VPN Site. | +| [`virtualWanId`](#parameter-virtualwanid) | string | Resource ID of the virtual WAN to link to. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`addressPrefixes`](#parameter-addressprefixes) | array | An array of IP address ranges that can be used by subnets of the virtual network. Required if no bgpProperties or VPNSiteLinks are configured. | +| [`bgpProperties`](#parameter-bgpproperties) | object | BGP settings details. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. Required if no addressPrefixes or VPNSiteLinks are configured. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`deviceProperties`](#parameter-deviceproperties) | object | List of properties of the device. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ipAddress`](#parameter-ipaddress) | string | The IP-address for the VPN-site. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. | +| [`isSecuritySite`](#parameter-issecuritysite) | bool | IsSecuritySite flag. | +| [`location`](#parameter-location) | string | Location where all resources will be created. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`o365Policy`](#parameter-o365policy) | object | The Office365 breakout policy. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`vpnSiteLinks`](#parameter-vpnsitelinks) | array | List of all VPN site links. | + +### Parameter: `addressPrefixes` + +An array of IP address ranges that can be used by subnets of the virtual network. Required if no bgpProperties or VPNSiteLinks are configured. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `bgpProperties` + +BGP settings details. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. Required if no addressPrefixes or VPNSiteLinks are configured. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `deviceProperties` + +List of properties of the device. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ipAddress` + +The IP-address for the VPN-site. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `isSecuritySite` + +IsSecuritySite flag. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +Location where all resources will be created. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the VPN Site. +- Required: Yes +- Type: string + +### Parameter: `o365Policy` + +The Office365 breakout policy. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualWanId` + +Resource ID of the virtual WAN to link to. +- Required: Yes +- Type: string + +### Parameter: `vpnSiteLinks` + +List of all VPN site links. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the VPN site. | +| `resourceGroupName` | string | The resource group the VPN site was deployed into. | +| `resourceId` | string | The resource ID of the VPN site. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage `deviceProperties` diff --git a/modules/network/vpn-site/main.json b/modules/network/vpn-site/main.json index b90f743722..859ddc6ba1 100644 --- a/modules/network/vpn-site/main.json +++ b/modules/network/vpn-site/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13056643175492466003" + "version": "0.22.6.54827", + "templateHash": "1375112363272688444" }, "name": "VPN Sites", "description": "This module deploys a VPN Site.", @@ -192,8 +192,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7148202566959237079" + "version": "0.22.6.54827", + "templateHash": "13348048560732484926" } }, "parameters": { 
diff --git a/modules/operational-insights/workspace/.test/common/main.test.bicep b/modules/operational-insights/workspace/.test/common/main.test.bicep index 3831bb5238..2e994d7fed 100644 --- a/modules/operational-insights/workspace/.test/common/main.test.bicep +++ b/modules/operational-insights/workspace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/operational-insights/workspace/.test/min/main.test.bicep b/modules/operational-insights/workspace/.test/min/main.test.bicep index 365f381b19..cb56d8a1a8 100644 --- a/modules/operational-insights/workspace/.test/min/main.test.bicep +++ b/modules/operational-insights/workspace/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/operational-insights/workspace/README.md b/modules/operational-insights/workspace/README.md index 1d36c0d1b3..b0e47dc105 100644 --- a/modules/operational-insights/workspace/README.md +++ b/modules/operational-insights/workspace/README.md @@ -4,13 +4,13 @@ This module deploys a Log Analytics Workspace. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -27,89 +27,26 @@ This module deploys a Log Analytics Workspace. | `Microsoft.OperationalInsights/workspaces/tables` | [2022-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2022-10-01/workspaces/tables) | | `Microsoft.OperationsManagement/solutions` | [2015-11-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Log Analytics workspace. | - -**Conditional parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `linkedStorageAccounts` | array | List of Storage Accounts to be linked. Required if 'forceCmkForQuery' is set to 'true' and 'savedSearches' is not empty. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `dailyQuotaGb` | int | `-1` | | The workspace daily quota for ingestion. | -| `dataExports` | array | `[]` | | LAW data export instances to be deployed. | -| `dataRetention` | int | `365` | | Number of days data will be retained for. | -| `dataSources` | array | `[]` | | LAW data sources to configure. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Audit]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
| -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of a log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `forceCmkForQuery` | bool | `True` | | Indicates whether customer managed storage is mandatory for query management. | -| `gallerySolutions` | array | `[]` | | List of gallerySolutions to be created in the log analytics workspace. | -| `linkedServices` | array | `[]` | | List of services to be linked. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicNetworkAccessForIngestion` | string | `'Enabled'` | `[Disabled, Enabled]` | The network access type for accessing Log Analytics ingestion. | -| `publicNetworkAccessForQuery` | string | `'Enabled'` | `[Disabled, Enabled]` | The network access type for accessing Log Analytics query. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `savedSearches` | array | `[]` | | Kusto Query Language searches to save. 
| -| `skuCapacityReservationLevel` | int | `100` | | The capacity reservation level in GB for this workspace, when CapacityReservation sku is selected. Must be in increments of 100 between 100 and 5000. | -| `skuName` | string | `'PerGB2018'` | `[CapacityReservation, Free, LACluster, PerGB2018, PerNode, Premium, Standalone, Standard]` | The name of the SKU. | -| `storageInsightsConfigs` | array | `[]` | | List of storage accounts to be read by the workspace. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tables` | array | `[]` | | LAW custom tables to be deployed. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `useResourcePermissions` | bool | `False` | | Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `logAnalyticsWorkspaceId` | string | The ID associated with the workspace. | -| `name` | string | The name of the deployed log analytics workspace. | -| `resourceGroupName` | string | The resource group of the deployed log analytics workspace. | -| `resourceId` | string | The resource ID of the deployed log analytics workspace. | -| `systemAssignedIdentityPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
+## Usage examples -| Reference | Type | -| :-- | :-- | -| `operations-management/solution` | Local reference | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Deployment examples +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/operational-insights.workspace:1.0.0`. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +- [Adv](#example-1-adv) +- [Using large parameter set](#example-2-using-large-parameter-set) +- [Using only defaults](#example-3-using-only-defaults) -

Example 1: Adv

+### Example 1: _Adv_
via Bicep module ```bicep -module workspace './operational-insights/workspace/main.bicep' = { +module workspace 'br:bicep/modules/operational-insights.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-oiwadv' params: { // Required parameters @@ -631,14 +568,17 @@ module workspace './operational-insights/workspace/main.bicep' = {

-

Example 2: Common

+### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +
via Bicep module ```bicep -module workspace './operational-insights/workspace/main.bicep' = { +module workspace 'br:bicep/modules/operational-insights.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-oiwcom' params: { // Required parameters @@ -1016,14 +956,17 @@ module workspace './operational-insights/workspace/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module workspace './operational-insights/workspace/main.bicep' = { +module workspace 'br:bicep/modules/operational-insights.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-oiwmin' params: { // Required parameters @@ -1060,3 +1003,294 @@ module workspace './operational-insights/workspace/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Log Analytics workspace. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`linkedStorageAccounts`](#parameter-linkedstorageaccounts) | array | List of Storage Accounts to be linked. Required if 'forceCmkForQuery' is set to 'true' and 'savedSearches' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`dailyQuotaGb`](#parameter-dailyquotagb) | int | The workspace daily quota for ingestion. | +| [`dataExports`](#parameter-dataexports) | array | LAW data export instances to be deployed. | +| [`dataRetention`](#parameter-dataretention) | int | Number of days data will be retained for. | +| [`dataSources`](#parameter-datasources) | array | LAW data sources to configure. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". 
| +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of a log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`forceCmkForQuery`](#parameter-forcecmkforquery) | bool | Indicates whether customer managed storage is mandatory for query management. | +| [`gallerySolutions`](#parameter-gallerysolutions) | array | List of gallerySolutions to be created in the log analytics workspace. | +| [`linkedServices`](#parameter-linkedservices) | array | List of services to be linked. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`publicNetworkAccessForIngestion`](#parameter-publicnetworkaccessforingestion) | string | The network access type for accessing Log Analytics ingestion. | +| [`publicNetworkAccessForQuery`](#parameter-publicnetworkaccessforquery) | string | The network access type for accessing Log Analytics query. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`savedSearches`](#parameter-savedsearches) | array | Kusto Query Language searches to save. | +| [`skuCapacityReservationLevel`](#parameter-skucapacityreservationlevel) | int | The capacity reservation level in GB for this workspace, when CapacityReservation sku is selected. Must be in increments of 100 between 100 and 5000. 
| +| [`skuName`](#parameter-skuname) | string | The name of the SKU. | +| [`storageInsightsConfigs`](#parameter-storageinsightsconfigs) | array | List of storage accounts to be read by the workspace. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tables`](#parameter-tables) | array | LAW custom tables to be deployed. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`useResourcePermissions`](#parameter-useresourcepermissions) | bool | Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. | + +### Parameter: `dailyQuotaGb` + +The workspace daily quota for ingestion. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `dataExports` + +LAW data export instances to be deployed. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dataRetention` + +Number of days data will be retained for. +- Required: No +- Type: int +- Default: `365` + +### Parameter: `dataSources` + +LAW data sources to configure. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
+- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Audit]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of a log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `forceCmkForQuery` + +Indicates whether customer managed storage is mandatory for query management. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `gallerySolutions` + +List of gallerySolutions to be created in the log analytics workspace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `linkedServices` + +List of services to be linked. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `linkedStorageAccounts` + +List of Storage Accounts to be linked. Required if 'forceCmkForQuery' is set to 'true' and 'savedSearches' is not empty. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Log Analytics workspace. 
+- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccessForIngestion` + +The network access type for accessing Log Analytics ingestion. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `publicNetworkAccessForQuery` + +The network access type for accessing Log Analytics query. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `savedSearches` + +Kusto Query Language searches to save. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuCapacityReservationLevel` + +The capacity reservation level in GB for this workspace, when CapacityReservation sku is selected. Must be in increments of 100 between 100 and 5000. +- Required: No +- Type: int +- Default: `100` + +### Parameter: `skuName` + +The name of the SKU. +- Required: No +- Type: string +- Default: `'PerGB2018'` +- Allowed: `[CapacityReservation, Free, LACluster, PerGB2018, PerNode, Premium, Standalone, Standard]` + +### Parameter: `storageInsightsConfigs` + +List of storage accounts to be read by the workspace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tables` + +LAW custom tables to be deployed. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `useResourcePermissions` + +Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `logAnalyticsWorkspaceId` | string | The ID associated with the workspace. | +| `name` | string | The name of the deployed log analytics workspace. | +| `resourceGroupName` | string | The resource group of the deployed log analytics workspace. | +| `resourceId` | string | The resource ID of the deployed log analytics workspace. | +| `systemAssignedIdentityPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/operations-management/solution` | Local reference | diff --git a/modules/operational-insights/workspace/data-export/README.md b/modules/operational-insights/workspace/data-export/README.md index cdf8f03317..74a748b284 100644 --- a/modules/operational-insights/workspace/data-export/README.md +++ b/modules/operational-insights/workspace/data-export/README.md 
@@ -19,29 +19,69 @@ This module deploys a Log Analytics Workspace Data Export. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The data export rule name. | +| [`name`](#parameter-name) | string | The data export rule name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `workspaceName` | string | The name of the parent workspaces. Required if the template is used in a standalone deployment. | +| [`workspaceName`](#parameter-workspacename) | string | The name of the parent workspaces. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `destination` | object | `{object}` | Destination properties. | -| `enable` | bool | `False` | Active when enabled. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `tableNames` | array | `[]` | An array of tables to export, for example: ['Heartbeat', 'SecurityEvent']. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`destination`](#parameter-destination) | object | Destination properties. | +| [`enable`](#parameter-enable) | bool | Active when enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`tableNames`](#parameter-tablenames) | array | An array of tables to export, for example: ['Heartbeat', 'SecurityEvent']. | + +### Parameter: `destination` + +Destination properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enable` + +Active when enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The data export rule name. +- Required: Yes +- Type: string + +### Parameter: `tableNames` + +An array of tables to export, for example: ['Heartbeat', 'SecurityEvent']. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `workspaceName` + +The name of the parent workspaces. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the data export. | | `resourceGroupName` | string | The name of the resource group the data export was created in. | diff --git a/modules/operational-insights/workspace/data-export/main.json b/modules/operational-insights/workspace/data-export/main.json index 90194a5d43..ee5f16fa67 100644 --- a/modules/operational-insights/workspace/data-export/main.json +++ b/modules/operational-insights/workspace/data-export/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6853475409424559635" + "version": "0.22.6.54827", + "templateHash": "7753879701724594327" }, "name": "Log Analytics Workspace Data Exports", "description": "This module deploys a Log Analytics Workspace Data Export.", diff --git a/modules/operational-insights/workspace/data-source/README.md b/modules/operational-insights/workspace/data-source/README.md index e0d5f9f875..80b966ff99 100644 --- a/modules/operational-insights/workspace/data-source/README.md +++ b/modules/operational-insights/workspace/data-source/README.md 
@@ -19,39 +19,150 @@ This module deploys a Log Analytics Workspace Data Source. **Required parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `kind` | string | `'AzureActivityLog'` | `[AzureActivityLog, IISLogs, LinuxPerformanceCollection, LinuxPerformanceObject, LinuxSyslog, LinuxSyslogCollection, WindowsEvent, WindowsPerformanceCounter]` | The kind of the DataSource. | -| `name` | string | | | Name of the solution. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-kind) | string | The kind of the DataSource. | +| [`name`](#parameter-name) | string | Name of the solution. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | +| [`logAnalyticsWorkspaceName`](#parameter-loganalyticsworkspacename) | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `counterName` | string | `''` | Counter name to configure when kind is WindowsPerformanceCounter. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `eventLogName` | string | `''` | Windows event log name to configure when kind is WindowsEvent. | -| `eventTypes` | array | `[]` | Windows event types to configure when kind is WindowsEvent. | -| `instanceName` | string | `'*'` | Name of the instance to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. | -| `intervalSeconds` | int | `60` | Interval in seconds to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. 
| -| `linkedResourceId` | string | `''` | Resource ID of the resource to be linked. | -| `objectName` | string | `''` | Name of the object to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. | -| `performanceCounters` | array | `[]` | List of counters to configure when the kind is LinuxPerformanceObject. | -| `state` | string | `''` | State to configure when kind is IISLogs or LinuxSyslogCollection or LinuxPerformanceCollection. | -| `syslogName` | string | `''` | System log to configure when kind is LinuxSyslog. | -| `syslogSeverities` | array | `[]` | Severities to configure when kind is LinuxSyslog. | -| `tags` | object | `{object}` | Tags to configure in the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`counterName`](#parameter-countername) | string | Counter name to configure when kind is WindowsPerformanceCounter. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventLogName`](#parameter-eventlogname) | string | Windows event log name to configure when kind is WindowsEvent. | +| [`eventTypes`](#parameter-eventtypes) | array | Windows event types to configure when kind is WindowsEvent. | +| [`instanceName`](#parameter-instancename) | string | Name of the instance to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. | +| [`intervalSeconds`](#parameter-intervalseconds) | int | Interval in seconds to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. | +| [`linkedResourceId`](#parameter-linkedresourceid) | string | Resource ID of the resource to be linked. | +| [`objectName`](#parameter-objectname) | string | Name of the object to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. | +| [`performanceCounters`](#parameter-performancecounters) | array | List of counters to configure when the kind is LinuxPerformanceObject. 
| +| [`state`](#parameter-state) | string | State to configure when kind is IISLogs or LinuxSyslogCollection or LinuxPerformanceCollection. | +| [`syslogName`](#parameter-syslogname) | string | System log to configure when kind is LinuxSyslog. | +| [`syslogSeverities`](#parameter-syslogseverities) | array | Severities to configure when kind is LinuxSyslog. | +| [`tags`](#parameter-tags) | object | Tags to configure in the resource. | + +### Parameter: `counterName` + +Counter name to configure when kind is WindowsPerformanceCounter. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventLogName` + +Windows event log name to configure when kind is WindowsEvent. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `eventTypes` + +Windows event types to configure when kind is WindowsEvent. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `instanceName` + +Name of the instance to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. +- Required: No +- Type: string +- Default: `'*'` + +### Parameter: `intervalSeconds` + +Interval in seconds to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. +- Required: No +- Type: int +- Default: `60` + +### Parameter: `kind` + +The kind of the DataSource. +- Required: No +- Type: string +- Default: `'AzureActivityLog'` +- Allowed: `[AzureActivityLog, IISLogs, LinuxPerformanceCollection, LinuxPerformanceObject, LinuxSyslog, LinuxSyslogCollection, WindowsEvent, WindowsPerformanceCounter]` + +### Parameter: `linkedResourceId` + +Resource ID of the resource to be linked. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `logAnalyticsWorkspaceName` + +The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the solution. +- Required: Yes +- Type: string + +### Parameter: `objectName` + +Name of the object to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `performanceCounters` + +List of counters to configure when the kind is LinuxPerformanceObject. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `state` + +State to configure when kind is IISLogs or LinuxSyslogCollection or LinuxPerformanceCollection. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `syslogName` + +System log to configure when kind is LinuxSyslog. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `syslogSeverities` + +Severities to configure when kind is LinuxSyslog. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags to configure in the resource. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed data source. | | `resourceGroupName` | string | The resource group where the data source is deployed. | diff --git a/modules/operational-insights/workspace/data-source/main.json b/modules/operational-insights/workspace/data-source/main.json index 12e72aea0f..93d5aef582 100644 --- a/modules/operational-insights/workspace/data-source/main.json +++ b/modules/operational-insights/workspace/data-source/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "526173230944614742" + "version": "0.22.6.54827", + "templateHash": "7994060758159745935" }, "name": "Log Analytics Workspace Datasources", "description": "This module deploys a Log Analytics Workspace Data Source.", 
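Review bot: In modules/operational-insights/workspace/data-source/README.md, `kind` is listed in the **Required parameters** table, but its generated section reads `- Required: No` with `- Default: 'AzureActivityLog'`. A parameter that has a default is not required, so either move `kind` to the optional table or fix the source the table category is derived from, so that table and section agree. The same README lists `logAnalyticsWorkspaceName` as conditional ("Required if the template is used in a standalone deployment") while its section states an unconditional `- Required: Yes`. The bullet should carry the condition, otherwise a reader who jumps to the anchor gets a different answer than the table gives.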
diff --git a/modules/operational-insights/workspace/linked-service/README.md b/modules/operational-insights/workspace/linked-service/README.md index 57b5316e53..a05b704e17 100644 --- a/modules/operational-insights/workspace/linked-service/README.md +++ b/modules/operational-insights/workspace/linked-service/README.md 
@@ -19,29 +19,69 @@ This module deploys a Log Analytics Workspace Linked Service. **Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | Name of the link. | -| `resourceId` | string | `''` | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the link. | +| [`resourceId`](#parameter-resourceid) | string | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | +| [`logAnalyticsWorkspaceName`](#parameter-loganalyticsworkspacename) | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `tags` | object | `{object}` | Tags to configure in the resource. | -| `writeAccessResourceId` | string | `''` | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require write access. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`tags`](#parameter-tags) | object | Tags to configure in the resource. 
| +| [`writeAccessResourceId`](#parameter-writeaccessresourceid) | string | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require write access. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `logAnalyticsWorkspaceName` + +The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the link. +- Required: Yes +- Type: string + +### Parameter: `resourceId` + +The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags to configure in the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `writeAccessResourceId` + +The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require write access. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed linked service. | | `resourceGroupName` | string | The resource group where the linked service is deployed. | diff --git a/modules/operational-insights/workspace/linked-service/main.json b/modules/operational-insights/workspace/linked-service/main.json index c66c428091..e0de836475 100644 --- a/modules/operational-insights/workspace/linked-service/main.json +++ b/modules/operational-insights/workspace/linked-service/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6123492600831728521" + "version": "0.22.6.54827", + "templateHash": "15022791045507209174" }, "name": "Log Analytics Workspace Linked Services", "description": "This module deploys a Log Analytics Workspace Linked Service.", diff --git a/modules/operational-insights/workspace/linked-storage-account/README.md b/modules/operational-insights/workspace/linked-storage-account/README.md index 67285fba0e..c29ee8ed40 100644 --- a/modules/operational-insights/workspace/linked-storage-account/README.md +++ b/modules/operational-insights/workspace/linked-storage-account/README.md 
@@ -19,27 +19,53 @@ This module deploys a Log Analytics Workspace Linked Storage Account. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | `[Alerts, AzureWatson, CustomLogs, Query]` | Name of the link. | -| `resourceId` | string | | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the link. | +| [`resourceId`](#parameter-resourceid) | string | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | +| [`logAnalyticsWorkspaceName`](#parameter-loganalyticsworkspacename) | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `logAnalyticsWorkspaceName` + +The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the link. +- Required: Yes +- Type: string +- Allowed: `[Alerts, AzureWatson, CustomLogs, Query]` + +### Parameter: `resourceId` + +The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed linked storage account. | | `resourceGroupName` | string | The resource group where the linked storage account is deployed. | diff --git a/modules/operational-insights/workspace/linked-storage-account/main.json b/modules/operational-insights/workspace/linked-storage-account/main.json index ae62d06121..ae3c9c7965 100644 --- a/modules/operational-insights/workspace/linked-storage-account/main.json +++ b/modules/operational-insights/workspace/linked-storage-account/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17235548432615830542" + "version": "0.22.6.54827", + "templateHash": "2117697022066188694" }, "name": "Log Analytics Workspace Linked Storage Accounts", "description": "This module deploys a Log Analytics Workspace Linked Storage Account.", diff --git a/modules/operational-insights/workspace/main.json b/modules/operational-insights/workspace/main.json index b662e00e8b..67aba2675c 100644 --- a/modules/operational-insights/workspace/main.json +++ b/modules/operational-insights/workspace/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10794410731370898440" + "version": "0.22.6.54827", + "templateHash": "13390587976888913833" }, "name": "Log Analytics Workspaces", "description": "This module deploys a Log Analytics Workspace.", 
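Review bot: In modules/operational-insights/workspace/linked-service/README.md, `resourceId` sits in the **Required parameters** table while its section reads `- Required: No` and `- Default: ''`, so the docs call it required while the template defaults it to an empty string. In linked-storage-account/README.md the parameter of the same name is `- Required: Yes` with no default, which is consistent with its table. Please align the linked-service entry one way or the other. Since this parameter and `writeAccessResourceId` decide whether the linked resource gets read or write access, the README should be unambiguous about which of the two must be set.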
@@ -399,8 +399,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6875862134545079569" + "version": "0.22.6.54827", + "templateHash": "6643427484780531502" }, "name": "Log Analytics Workspace Storage Insight Configs", "description": "This module deploys a Log Analytics Workspace Storage Insight Config.", @@ -546,8 +546,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7090165993767697446" + "version": "0.22.6.54827", + "templateHash": "15022791045507209174" }, "name": "Log Analytics Workspace Linked Services", "description": "This module deploys a Log Analytics Workspace Linked Service.", @@ -683,8 +683,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4972790707212258352" + "version": "0.22.6.54827", + "templateHash": "2117697022066188694" }, "name": "Log Analytics Workspace Linked Storage Accounts", "description": "This module deploys a Log Analytics Workspace Linked Storage Account.", @@ -821,8 +821,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8574189144245494701" + "version": "0.22.6.54827", + "templateHash": "12667331360871593591" }, "name": "Log Analytics Workspace Saved Searches", "description": "This module deploys a Log Analytics Workspace Saved Search.", @@ -996,8 +996,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13008977267947771049" + "version": "0.22.6.54827", + "templateHash": "7753879701724594327" }, "name": "Log Analytics Workspace Data Exports", "description": "This module deploys a Log Analytics Workspace Data Export.", 
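Review bot: The `templateHash` and `version` values in these nested `_generator` blocks cannot be checked by reading the diff, so the review relies on the committed main.json really being the output of the Bicep source. The new values are at least internally consistent: the nested Linked Services block carries `15022791045507209174` and the nested Linked Storage Accounts block carries `2117697022066188694`, the same hashes as the standalone linked-service/main.json and linked-storage-account/main.json in this change. Before this change they were not in sync (the standalone child files were built with `0.20.4.51522`, the copies nested here with `0.21.1.54444`). I would suggest a pipeline step that recompiles each module's Bicep template with the pinned compiler version and fails if the committed main.json differs, so a hand-edited or stale compiled template cannot be merged unnoticed.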
@@ -1146,8 +1146,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17869715776960241714" + "version": "0.22.6.54827", + "templateHash": "7994060758159745935" }, "name": "Log Analytics Workspace Datasources", "description": "This module deploys a Log Analytics Workspace Data Source.", @@ -1376,8 +1376,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13305914804653693951" + "version": "0.22.6.54827", + "templateHash": "9983426146462646968" }, "name": "Log Analytics Workspace Tables", "description": "This module deploys a Log Analytics Workspace Table.", @@ -1548,8 +1548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9052763253522380709" + "version": "0.22.6.54827", + "templateHash": "2318608107759137473" }, "name": "Operations Management Solutions", "description": "This module deploys an Operations Management Solution.", @@ -1702,8 +1702,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3735355062180278453" + "version": "0.22.6.54827", + "templateHash": "17191832464911210338" } }, "parameters": { diff --git a/modules/operational-insights/workspace/saved-search/README.md b/modules/operational-insights/workspace/saved-search/README.md index 1db2ca47d5..6d8fabc766 100644 --- a/modules/operational-insights/workspace/saved-search/README.md +++ b/modules/operational-insights/workspace/saved-search/README.md 
@@ -19,34 +19,106 @@ This module deploys a Log Analytics Workspace Saved Search. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `category` | string | Query category. | -| `displayName` | string | Display name for the search. | -| `name` | string | Name of the saved search. | -| `query` | string | Kusto Query to be stored. | +| [`category`](#parameter-category) | string | Query category. | +| [`displayName`](#parameter-displayname) | string | Display name for the search. | +| [`name`](#parameter-name) | string | Name of the saved search. | +| [`query`](#parameter-query) | string | Kusto Query to be stored. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | +| [`logAnalyticsWorkspaceName`](#parameter-loganalyticsworkspacename) | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `etag` | string | `'*'` | The ETag of the saved search. To override an existing saved search, use "*" or specify the current Etag. | -| `functionAlias` | string | `''` | The function alias if query serves as a function. | -| `functionParameters` | string | `''` | The optional function parameters if query serves as a function. Value should be in the following format: "param-name1:type1 = default_value1, param-name2:type2 = default_value2". For more examples and proper syntax please refer to /azure/kusto/query/functions/user-defined-functions. | -| `tags` | array | `[]` | Tags to configure in the resource. 
| -| `version` | int | `2` | The version number of the query language. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`etag`](#parameter-etag) | string | The ETag of the saved search. To override an existing saved search, use "*" or specify the current Etag. | +| [`functionAlias`](#parameter-functionalias) | string | The function alias if query serves as a function. | +| [`functionParameters`](#parameter-functionparameters) | string | The optional function parameters if query serves as a function. Value should be in the following format: "param-name1:type1 = default_value1, param-name2:type2 = default_value2". For more examples and proper syntax please refer to /azure/kusto/query/functions/user-defined-functions. | +| [`tags`](#parameter-tags) | array | Tags to configure in the resource. | +| [`version`](#parameter-version) | int | The version number of the query language. | + +### Parameter: `category` + +Query category. +- Required: Yes +- Type: string + +### Parameter: `displayName` + +Display name for the search. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `etag` + +The ETag of the saved search. To override an existing saved search, use "*" or specify the current Etag. +- Required: No +- Type: string +- Default: `'*'` + +### Parameter: `functionAlias` + +The function alias if query serves as a function. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `functionParameters` + +The optional function parameters if query serves as a function. Value should be in the following format: "param-name1:type1 = default_value1, param-name2:type2 = default_value2". 
For more examples and proper syntax please refer to /azure/kusto/query/functions/user-defined-functions. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `logAnalyticsWorkspaceName` + +The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the saved search. +- Required: Yes +- Type: string + +### Parameter: `query` + +Kusto Query to be stored. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags to configure in the resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `version` + +The version number of the query language. +- Required: No +- Type: int +- Default: `2` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed saved search. | | `resourceGroupName` | string | The resource group where the saved search is deployed. | diff --git a/modules/operational-insights/workspace/saved-search/main.json b/modules/operational-insights/workspace/saved-search/main.json index 7fc7ee5138..43332dd89b 100644 --- a/modules/operational-insights/workspace/saved-search/main.json +++ b/modules/operational-insights/workspace/saved-search/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8574189144245494701" + "version": "0.22.6.54827", + "templateHash": "12667331360871593591" }, "name": "Log Analytics Workspace Saved Searches", "description": "This module deploys a Log Analytics Workspace Saved Search.", diff --git a/modules/operational-insights/workspace/storage-insight-config/README.md b/modules/operational-insights/workspace/storage-insight-config/README.md index 032ee4b2c8..4d77ca61f1 100644 --- a/modules/operational-insights/workspace/storage-insight-config/README.md +++ b/modules/operational-insights/workspace/storage-insight-config/README.md 
@@ -19,30 +19,77 @@ This module deploys a Log Analytics Workspace Storage Insight Config. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `storageAccountResourceId` | string | The Azure Resource Manager ID of the storage account resource. | +| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | The Azure Resource Manager ID of the storage account resource. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | +| [`logAnalyticsWorkspaceName`](#parameter-loganalyticsworkspacename) | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `containers` | array | `[]` | The names of the blob containers that the workspace should read. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `[format('{0}-stinsconfig', last(split(parameters('storageAccountResourceId'), '/')))]` | The name of the storage insights config. | -| `tables` | array | `[]` | The names of the Azure tables that the workspace should read. | -| `tags` | object | `{object}` | Tags to configure in the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`containers`](#parameter-containers) | array | The names of the blob containers that the workspace should read. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the storage insights config. 
| +| [`tables`](#parameter-tables) | array | The names of the Azure tables that the workspace should read. | +| [`tags`](#parameter-tags) | object | Tags to configure in the resource. | + +### Parameter: `containers` + +The names of the blob containers that the workspace should read. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `logAnalyticsWorkspaceName` + +The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the storage insights config. +- Required: No +- Type: string +- Default: `[format('{0}-stinsconfig', last(split(parameters('storageAccountResourceId'), '/')))]` + +### Parameter: `storageAccountResourceId` + +The Azure Resource Manager ID of the storage account resource. +- Required: Yes +- Type: string + +### Parameter: `tables` + +The names of the Azure tables that the workspace should read. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags to configure in the resource. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the storage insights configuration. | | `resourceGroupName` | string | The resource group where the storage insight configuration is deployed. | diff --git a/modules/operational-insights/workspace/storage-insight-config/main.json b/modules/operational-insights/workspace/storage-insight-config/main.json index 86d2fdda8b..d5e4378634 100644 --- a/modules/operational-insights/workspace/storage-insight-config/main.json +++ b/modules/operational-insights/workspace/storage-insight-config/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5679144933666454393" + "version": "0.22.6.54827", + "templateHash": "6643427484780531502" }, "name": "Log Analytics Workspace Storage Insight Configs", "description": "This module deploys a Log Analytics Workspace Storage Insight Config.", diff --git a/modules/operational-insights/workspace/table/README.md b/modules/operational-insights/workspace/table/README.md index 3dde1dedf4..d3d75c4af5 100644 --- a/modules/operational-insights/workspace/table/README.md +++ b/modules/operational-insights/workspace/table/README.md 
@@ -19,32 +19,94 @@ This module deploys a Log Analytics Workspace Table. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the table. | +| [`name`](#parameter-name) | string | The name of the table. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `workspaceName` | string | The name of the parent workspaces. Required if the template is used in a standalone deployment. | +| [`workspaceName`](#parameter-workspacename) | string | The name of the parent workspaces. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `plan` | string | `'Analytics'` | `[Analytics, Basic]` | Instruct the system how to handle and charge the logs ingested to this table. | -| `restoredLogs` | object | `{object}` | | Restore parameters. | -| `retentionInDays` | int | `-1` | | The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention. | -| `schema` | object | `{object}` | | Table's schema. | -| `searchResults` | object | `{object}` | | Parameters of the search job that initiated this table. | -| `totalRetentionInDays` | int | `-1` | | The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`plan`](#parameter-plan) | string | Instruct the system how to handle and charge the logs ingested to this table. 
| +| [`restoredLogs`](#parameter-restoredlogs) | object | Restore parameters. | +| [`retentionInDays`](#parameter-retentionindays) | int | The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention. | +| [`schema`](#parameter-schema) | object | Table's schema. | +| [`searchResults`](#parameter-searchresults) | object | Parameters of the search job that initiated this table. | +| [`totalRetentionInDays`](#parameter-totalretentionindays) | int | The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the table. +- Required: Yes +- Type: string + +### Parameter: `plan` + +Instruct the system how to handle and charge the logs ingested to this table. +- Required: No +- Type: string +- Default: `'Analytics'` +- Allowed: `[Analytics, Basic]` + +### Parameter: `restoredLogs` + +Restore parameters. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `retentionInDays` + +The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `schema` + +Table's schema. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `searchResults` + +Parameters of the search job that initiated this table. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `totalRetentionInDays` + +The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `workspaceName` + +The name of the parent workspaces. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the table. | | `resourceGroupName` | string | The name of the resource group the table was created in. | diff --git a/modules/operational-insights/workspace/table/main.json b/modules/operational-insights/workspace/table/main.json index 83bbc2a91d..91a62f8371 100644 --- a/modules/operational-insights/workspace/table/main.json +++ b/modules/operational-insights/workspace/table/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "761158132904084297" + "version": "0.22.6.54827", + "templateHash": "9983426146462646968" }, "name": "Log Analytics Workspace Tables", "description": "This module deploys a Log Analytics Workspace Table.", diff --git a/modules/operations-management/solution/.test/min/main.test.bicep b/modules/operations-management/solution/.test/min/main.test.bicep index 4fa83443b2..0fea432bd3 100644 --- a/modules/operations-management/solution/.test/min/main.test.bicep +++ b/modules/operations-management/solution/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/operations-management/solution/README.md b/modules/operations-management/solution/README.md index bb0ffe8148..d40752a387 100644 --- a/modules/operations-management/solution/README.md +++ b/modules/operations-management/solution/README.md 
@@ -5,10 +5,10 @@ This module deploys an Operations Management Solution. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
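Review bot: the added navigation entry `[Usage examples](#Usage-examples)` uses a mixed-case fragment, while the links this same change generates elsewhere in the file are lowercase (`#example-1-using-only-defaults`, `#parameter-name`). Suggest emitting `#usage-examples` here, and lowercasing the neighbouring `#Resource-Types`, `#Parameters`, `#Outputs` and `#Cross-referenced-modules` entries in the generator at the same time, so the navigation does not depend on a renderer matching fragments case-insensitively.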
@@ -16,53 +16,29 @@ This module deploys an Operations Management Solution. | :-- | :-- | | `Microsoft.OperationsManagement/solutions` | [2015-11-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `logAnalyticsWorkspaceName` | string | Name of the Log Analytics workspace where the solution will be deployed/enabled. | -| `name` | string | Name of the solution. For Microsoft published gallery solution the target solution resource name will be composed as `{name}({logAnalyticsWorkspaceName})`. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/operations-management.solution:1.0.0`. -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `product` | string | `'OMSGallery'` | The product of the deployed solution. For Microsoft published gallery solution it should be `OMSGallery` and the target solution resource product will be composed as `OMSGallery/{name}`. For third party solution, it can be anything. This is case sensitive. | -| `publisher` | string | `'Microsoft'` | The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`. 
| - - -## Outputs +- [Using only defaults](#example-1-using-only-defaults) +- [Ms](#example-2-ms) +- [Nonms](#example-3-nonms) -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed solution. | -| `resourceGroupName` | string | The resource group where the solution is deployed. | -| `resourceId` | string | The resource ID of the deployed solution. | +### Example 1: _Using only defaults_ -## Cross-referenced modules +This instance deploys the module with the minimum set of required parameters. -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Min

via Bicep module ```bicep -module solution './operations-management/solution/main.bicep' = { +module solution 'br:bicep/modules/operations-management.solution:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-omsmin' params: { // Required parameters @@ -104,14 +80,14 @@ module solution './operations-management/solution/main.bicep' = {

-

Example 2: Ms

+### Example 2: _Ms_
via Bicep module ```bicep -module solution './operations-management/solution/main.bicep' = { +module solution 'br:bicep/modules/operations-management.solution:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-omsms' params: { // Required parameters @@ -161,14 +137,14 @@ module solution './operations-management/solution/main.bicep' = {

-

Example 3: Nonms

+### Example 3: _Nonms_
via Bicep module ```bicep -module solution './operations-management/solution/main.bicep' = { +module solution 'br:bicep/modules/operations-management.solution:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-omsnonms' params: { // Required parameters @@ -217,3 +193,76 @@ module solution './operations-management/solution/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`logAnalyticsWorkspaceName`](#parameter-loganalyticsworkspacename) | string | Name of the Log Analytics workspace where the solution will be deployed/enabled. | +| [`name`](#parameter-name) | string | Name of the solution. For Microsoft published gallery solution the target solution resource name will be composed as `{name}({logAnalyticsWorkspaceName})`. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`product`](#parameter-product) | string | The product of the deployed solution. For Microsoft published gallery solution it should be `OMSGallery` and the target solution resource product will be composed as `OMSGallery/{name}`. For third party solution, it can be anything. This is case sensitive. | +| [`publisher`](#parameter-publisher) | string | The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `logAnalyticsWorkspaceName` + +Name of the Log Analytics workspace where the solution will be deployed/enabled. +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the solution. For Microsoft published gallery solution the target solution resource name will be composed as `{name}({logAnalyticsWorkspaceName})`. +- Required: Yes +- Type: string + +### Parameter: `product` + +The product of the deployed solution. 
For Microsoft published gallery solution it should be `OMSGallery` and the target solution resource product will be composed as `OMSGallery/{name}`. For third party solution, it can be anything. This is case sensitive. +- Required: No +- Type: string +- Default: `'OMSGallery'` + +### Parameter: `publisher` + +The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`. +- Required: No +- Type: string +- Default: `'Microsoft'` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed solution. | +| `resourceGroupName` | string | The resource group where the solution is deployed. | +| `resourceId` | string | The resource ID of the deployed solution. | + +## Cross-referenced modules + +_None_ diff --git a/modules/operations-management/solution/main.json b/modules/operations-management/solution/main.json index 6ff5586ce1..a2c344b5ad 100644 --- a/modules/operations-management/solution/main.json +++ b/modules/operations-management/solution/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9052763253522380709" + "version": "0.22.6.54827", + "templateHash": "2318608107759137473" }, "name": "Operations Management Solutions", "description": "This module deploys an Operations Management Solution.", diff --git a/modules/policy-insights/remediation/README.md b/modules/policy-insights/remediation/README.md index cb7a763830..58d11035d5 100644 --- a/modules/policy-insights/remediation/README.md +++ b/modules/policy-insights/remediation/README.md 
@@ -5,10 +5,10 @@ This module deploys a Policy Insights Remediation. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
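Review bot: removing `- [Deployment examples](#Deployment-examples)` from the navigation, together with the section being renamed to `## Usage examples` in the next hunk, means any existing link that targets the old fragment of this README stops resolving. Since the utility regenerates every module README, suggest calling out the heading rename in the change description so consumers who link into these sections can update their references.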
@@ -17,59 +17,29 @@ This module deploys a Policy Insights Remediation. | :-- | :-- | | `Microsoft.PolicyInsights/remediations` | [2021-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.PolicyInsights/2021-10-01/remediations) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy remediation. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that should be remediated. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `failureThresholdPercentage` | string | `'1'` | | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. | -| `filtersLocations` | array | `[]` | | The filters that will be applied to determine which resources to remediate. | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | | The target scope for the remediation. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | -| `parallelDeployments` | int | `10` | | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. 
| -| `policyDefinitionReferenceId` | string | `''` | | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. | -| `resourceCount` | int | `500` | | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. | -| `resourceDiscoveryMode` | string | `'ExistingNonCompliant'` | `[ExistingNonCompliant, ReEvaluateCompliance]` | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. | -| `resourceGroupName` | string | `''` | | The target scope for the remediation. The name of the resource group for the policy assignment. | -| `subscriptionId` | string | `''` | | The target scope for the remediation. The subscription ID of the subscription for the policy assignment. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the remediation. | -| `resourceId` | string | The resource ID of the remediation. | - -## Cross-referenced modules +## Usage examples -_None_ +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Deployment examples +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/policy-insights.remediation:1.0.0`. 
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Rg.Common](#example-3-rgcommon) +- [Rg.Min](#example-4-rgmin) +- [Sub.Common](#example-5-subcommon) +- [Sub.Min](#example-6-submin) -

Example 1: Mg.Common

+### Example 1: _Mg.Common_
via Bicep module ```bicep -module remediation './policy-insights/remediation/main.bicep' = { +module remediation 'br:bicep/modules/policy-insights.remediation:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-pirmgcom' params: { // Required parameters @@ -143,14 +113,14 @@ module remediation './policy-insights/remediation/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module remediation './policy-insights/remediation/main.bicep' = { +module remediation 'br:bicep/modules/policy-insights.remediation:1.0.0' = { name: '${uniqueString(deployment().name)}-test-pirmgmin' params: { // Required parameters @@ -192,14 +162,14 @@ module remediation './policy-insights/remediation/main.bicep' = {

-

Example 3: Rg.Common

+### Example 3: _Rg.Common_
via Bicep module ```bicep -module remediation './policy-insights/remediation/main.bicep' = { +module remediation 'br:bicep/modules/policy-insights.remediation:1.0.0' = { name: '${uniqueString(deployment().name)}-test-pirrgcom' params: { // Required parameters @@ -273,14 +243,14 @@ module remediation './policy-insights/remediation/main.bicep' = {

-

Example 4: Rg.Min

+### Example 4: _Rg.Min_
via Bicep module ```bicep -module remediation './policy-insights/remediation/main.bicep' = { +module remediation 'br:bicep/modules/policy-insights.remediation:1.0.0' = { name: '${uniqueString(deployment().name)}-test-pirrgmin' params: { // Required parameters @@ -322,14 +292,14 @@ module remediation './policy-insights/remediation/main.bicep' = {

-

Example 5: Sub.Common

+### Example 5: _Sub.Common_
via Bicep module ```bicep -module remediation './policy-insights/remediation/main.bicep' = { +module remediation 'br:bicep/modules/policy-insights.remediation:1.0.0' = { name: '${uniqueString(deployment().name)}-test-pirsubcom' params: { // Required parameters @@ -403,14 +373,14 @@ module remediation './policy-insights/remediation/main.bicep' = {

-

Example 6: Sub.Min

+### Example 6: _Sub.Min_
via Bicep module ```bicep -module remediation './policy-insights/remediation/main.bicep' = { +module remediation 'br:bicep/modules/policy-insights.remediation:1.0.0' = { name: '${uniqueString(deployment().name)}-test-pirsubmin' params: { // Required parameters @@ -453,6 +423,134 @@ module remediation './policy-insights/remediation/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the policy remediation. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that should be remediated. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`failureThresholdPercentage`](#parameter-failurethresholdpercentage) | string | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. | +| [`filtersLocations`](#parameter-filterslocations) | array | The filters that will be applied to determine which resources to remediate. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The target scope for the remediation. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | +| [`parallelDeployments`](#parameter-paralleldeployments) | int | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. 
| +| [`policyDefinitionReferenceId`](#parameter-policydefinitionreferenceid) | string | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. | +| [`resourceCount`](#parameter-resourcecount) | int | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. | +| [`resourceDiscoveryMode`](#parameter-resourcediscoverymode) | string | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The target scope for the remediation. The name of the resource group for the policy assignment. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The target scope for the remediation. The subscription ID of the subscription for the policy assignment. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `failureThresholdPercentage` + +The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. +- Required: No +- Type: string +- Default: `'1'` + +### Parameter: `filtersLocations` + +The filters that will be applied to determine which resources to remediate. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location deployment metadata. 
+- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The target scope for the remediation. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `name` + +Specifies the name of the policy remediation. +- Required: Yes +- Type: string + +### Parameter: `parallelDeployments` + +Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. +- Required: No +- Type: int +- Default: `10` + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that should be remediated. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceId` + +The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `resourceCount` + +Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. +- Required: No +- Type: int +- Default: `500` + +### Parameter: `resourceDiscoveryMode` + +The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. +- Required: No +- Type: string +- Default: `'ExistingNonCompliant'` +- Allowed: `[ExistingNonCompliant, ReEvaluateCompliance]` + +### Parameter: `resourceGroupName` + +The target scope for the remediation. The name of the resource group for the policy assignment. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionId` + +The target scope for the remediation. The subscription ID of the subscription for the policy assignment. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the remediation. | +| `resourceId` | string | The resource ID of the remediation. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `managementGroupId` diff --git a/modules/policy-insights/remediation/main.json b/modules/policy-insights/remediation/main.json index c87b56a9bd..cc27386cb2 100644 --- a/modules/policy-insights/remediation/main.json +++ b/modules/policy-insights/remediation/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9470777729167902898" + "version": "0.22.6.54827", + "templateHash": "4742101117506662139" }, "name": "Policy Insights Remediations", "description": "This module deploys a Policy Insights Remediation.", @@ -179,8 +179,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5184556478687760186" + "version": "0.22.6.54827", + "templateHash": "9807832589850582654" }, "name": "Policy Insights Remediations (Management Group scope)", "description": "This module deploys a Policy Insights Remediation on a Management Group scope.", @@ -375,8 +375,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9797290259140842527" + "version": "0.22.6.54827", + "templateHash": "8491362450892267233" }, "name": "Policy Insights Remediations (Subscription scope)", "description": "This module deploys a Policy Insights Remediation on a Subscription scope.", 
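Review bot: the only changes in this `main.json` hunk are `_generator.version` (0.21.1.54444 to 0.22.6.54827) and `templateHash`, and nothing in the visible lines records which Bicep CLI version the utility is expected to compile with. Other `main.json` files in this diff were previously at 0.20.4.51522, so the checked-in build output had already drifted between compiler versions. Suggest pinning the Bicep CLI version used for the build step and stating it in the contribution guide, so a reviewer can recompile and confirm that a hash change comes from the compiler and not from an unreviewed template edit.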
@@ -571,8 +571,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15508810300941948916" + "version": "0.22.6.54827", + "templateHash": "1603868954809777625" }, "name": "Policy Insights Remediations (Resource Group scope)", "description": "This module deploys a Policy Insights Remediation on a Resource Group scope.", diff --git a/modules/policy-insights/remediation/management-group/README.md b/modules/policy-insights/remediation/management-group/README.md index 7a747eb168..f7bb79c449 100644 --- a/modules/policy-insights/remediation/management-group/README.md +++ b/modules/policy-insights/remediation/management-group/README.md 
@@ -19,28 +19,97 @@ This module deploys a Policy Insights Remediation on a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy remediation. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that should be remediated. | +| [`name`](#parameter-name) | string | Specifies the name of the policy remediation. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that should be remediated. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `failureThresholdPercentage` | string | `'1'` | | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. | -| `filtersLocations` | array | `[]` | | The filters that will be applied to determine which resources to remediate. | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `parallelDeployments` | int | `10` | | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. 
| -| `policyDefinitionReferenceId` | string | `''` | | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. | -| `resourceCount` | int | `500` | | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. | -| `resourceDiscoveryMode` | string | `'ExistingNonCompliant'` | `[ExistingNonCompliant, ReEvaluateCompliance]` | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`failureThresholdPercentage`](#parameter-failurethresholdpercentage) | string | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. | +| [`filtersLocations`](#parameter-filterslocations) | array | The filters that will be applied to determine which resources to remediate. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`parallelDeployments`](#parameter-paralleldeployments) | int | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. 
| +| [`policyDefinitionReferenceId`](#parameter-policydefinitionreferenceid) | string | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. | +| [`resourceCount`](#parameter-resourcecount) | int | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. | +| [`resourceDiscoveryMode`](#parameter-resourcediscoverymode) | string | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `failureThresholdPercentage` + +The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. +- Required: No +- Type: string +- Default: `'1'` + +### Parameter: `filtersLocations` + +The filters that will be applied to determine which resources to remediate. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `name` + +Specifies the name of the policy remediation. +- Required: Yes +- Type: string + +### Parameter: `parallelDeployments` + +Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. 
If not provided, the default parallel deployments value is used. +- Required: No +- Type: int +- Default: `10` + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that should be remediated. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceId` + +The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `resourceCount` + +Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. +- Required: No +- Type: int +- Default: `500` + +### Parameter: `resourceDiscoveryMode` + +The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. +- Required: No +- Type: string +- Default: `'ExistingNonCompliant'` +- Allowed: `[ExistingNonCompliant, ReEvaluateCompliance]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the remediation. | diff --git a/modules/policy-insights/remediation/management-group/main.json b/modules/policy-insights/remediation/management-group/main.json index 0a87c250c0..bc27183d72 100644 --- a/modules/policy-insights/remediation/management-group/main.json +++ b/modules/policy-insights/remediation/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1304798094791157917" + "version": "0.22.6.54827", + "templateHash": "9807832589850582654" }, "name": "Policy Insights Remediations (Management Group scope)", "description": "This module deploys a Policy Insights Remediation on a Management Group scope.", 
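Review bot: in the new `### Parameter: failureThresholdPercentage` section of management-group/README.md, `Default: '1'` sits under a description that says "1 means that the remediation will not stop even if all deployments fail", so the documented default never halts a failing remediation and nothing in the section flags that. Suggest stating this next to the default and pointing readers who want the job to stop early at a lower value. The same section gives `Type: string` for "A number between 0.0 to 1.0"; a short remark that the number is passed as a quoted string would save readers a guess, and "between 0.0 and 1.0" reads better. Since the README is generated, the wording belongs in the parameter description in the template, and it applies equally to the resource-group and subscription READMEs in this patch.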
diff --git a/modules/policy-insights/remediation/resource-group/README.md b/modules/policy-insights/remediation/resource-group/README.md index 88c4aa8f58..a354a06627 100644 --- a/modules/policy-insights/remediation/resource-group/README.md +++ b/modules/policy-insights/remediation/resource-group/README.md 
@@ -19,28 +19,97 @@ This module deploys a Policy Insights Remediation on a Resource Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy remediation. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that should be remediated. | +| [`name`](#parameter-name) | string | Specifies the name of the policy remediation. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that should be remediated. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `failureThresholdPercentage` | string | `'1'` | | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. | -| `filtersLocations` | array | `[]` | | The filters that will be applied to determine which resources to remediate. | -| `location` | string | `[resourceGroup().location]` | | Location deployment metadata. | -| `parallelDeployments` | int | `10` | | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. 
| -| `policyDefinitionReferenceId` | string | `''` | | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. | -| `resourceCount` | int | `500` | | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. | -| `resourceDiscoveryMode` | string | `'ExistingNonCompliant'` | `[ExistingNonCompliant, ReEvaluateCompliance]` | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`failureThresholdPercentage`](#parameter-failurethresholdpercentage) | string | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. | +| [`filtersLocations`](#parameter-filterslocations) | array | The filters that will be applied to determine which resources to remediate. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`parallelDeployments`](#parameter-paralleldeployments) | int | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. 
| +| [`policyDefinitionReferenceId`](#parameter-policydefinitionreferenceid) | string | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. | +| [`resourceCount`](#parameter-resourcecount) | int | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. | +| [`resourceDiscoveryMode`](#parameter-resourcediscoverymode) | string | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `failureThresholdPercentage` + +The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. +- Required: No +- Type: string +- Default: `'1'` + +### Parameter: `filtersLocations` + +The filters that will be applied to determine which resources to remediate. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Specifies the name of the policy remediation. +- Required: Yes +- Type: string + +### Parameter: `parallelDeployments` + +Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. 
If not provided, the default parallel deployments value is used. +- Required: No +- Type: int +- Default: `10` + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that should be remediated. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceId` + +The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `resourceCount` + +Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. +- Required: No +- Type: int +- Default: `500` + +### Parameter: `resourceDiscoveryMode` + +The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. +- Required: No +- Type: string +- Default: `'ExistingNonCompliant'` +- Allowed: `[ExistingNonCompliant, ReEvaluateCompliance]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the remediation. | diff --git a/modules/policy-insights/remediation/resource-group/main.json b/modules/policy-insights/remediation/resource-group/main.json index be6c9e58b0..ec8b34293a 100644 --- a/modules/policy-insights/remediation/resource-group/main.json +++ b/modules/policy-insights/remediation/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16839903448259241444" + "version": "0.22.6.54827", + "templateHash": "1603868954809777625" }, "name": "Policy Insights Remediations (Resource Group scope)", "description": "This module deploys a Policy Insights Remediation on a Resource Group scope.", 
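Review bot: before this change the committed resource-group/main.json (compiler `0.20.4.51522`, hash `16839903448259241444`) did not match the copy nested in remediation/main.json (compiler `0.21.1.54444`, hash `15508810300941948916`), so the generated JSON had drifted from what the parent embedded. Both now show `0.22.6.54827` and `1603868954809777625`, which is consistent, but the diff alone cannot show that the JSON was built from the Bicep source in this commit. Suggest a CI step that recompiles each `main.bicep` and fails when the result differs from the committed `main.json`, so the generated artifacts cannot drift again unnoticed.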
diff --git a/modules/policy-insights/remediation/subscription/README.md b/modules/policy-insights/remediation/subscription/README.md index 82a91bb72b..0ed9328e97 100644 --- a/modules/policy-insights/remediation/subscription/README.md +++ b/modules/policy-insights/remediation/subscription/README.md 
@@ -19,28 +19,97 @@ This module deploys a Policy Insights Remediation on a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy remediation. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that should be remediated. | +| [`name`](#parameter-name) | string | Specifies the name of the policy remediation. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that should be remediated. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `failureThresholdPercentage` | string | `'1'` | | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. | -| `filtersLocations` | array | `[]` | | The filters that will be applied to determine which resources to remediate. | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `parallelDeployments` | int | `10` | | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. 
| -| `policyDefinitionReferenceId` | string | `''` | | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. | -| `resourceCount` | int | `500` | | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. | -| `resourceDiscoveryMode` | string | `'ExistingNonCompliant'` | `[ExistingNonCompliant, ReEvaluateCompliance]` | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`failureThresholdPercentage`](#parameter-failurethresholdpercentage) | string | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. | +| [`filtersLocations`](#parameter-filterslocations) | array | The filters that will be applied to determine which resources to remediate. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`parallelDeployments`](#parameter-paralleldeployments) | int | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. 
| +| [`policyDefinitionReferenceId`](#parameter-policydefinitionreferenceid) | string | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. | +| [`resourceCount`](#parameter-resourcecount) | int | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. | +| [`resourceDiscoveryMode`](#parameter-resourcediscoverymode) | string | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `failureThresholdPercentage` + +The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. +- Required: No +- Type: string +- Default: `'1'` + +### Parameter: `filtersLocations` + +The filters that will be applied to determine which resources to remediate. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `name` + +Specifies the name of the policy remediation. +- Required: Yes +- Type: string + +### Parameter: `parallelDeployments` + +Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. 
If not provided, the default parallel deployments value is used. +- Required: No +- Type: int +- Default: `10` + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that should be remediated. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceId` + +The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `resourceCount` + +Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. +- Required: No +- Type: int +- Default: `500` + +### Parameter: `resourceDiscoveryMode` + +The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. +- Required: No +- Type: string +- Default: `'ExistingNonCompliant'` +- Allowed: `[ExistingNonCompliant, ReEvaluateCompliance]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the remediation. | diff --git a/modules/policy-insights/remediation/subscription/main.json b/modules/policy-insights/remediation/subscription/main.json index 499c963670..b7d7bb8b13 100644 --- a/modules/policy-insights/remediation/subscription/main.json +++ b/modules/policy-insights/remediation/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16781098206548824638" + "version": "0.22.6.54827", + "templateHash": "8491362450892267233" }, "name": "Policy Insights Remediations (Subscription scope)", "description": "This module deploys a Policy Insights Remediation on a Subscription scope.", 
diff --git a/modules/power-bi-dedicated/capacity/.test/common/main.test.bicep b/modules/power-bi-dedicated/capacity/.test/common/main.test.bicep index 8a9b62ee77..e2222db5b8 100644 --- a/modules/power-bi-dedicated/capacity/.test/common/main.test.bicep +++ b/modules/power-bi-dedicated/capacity/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/power-bi-dedicated/capacity/.test/min/main.test.bicep b/modules/power-bi-dedicated/capacity/.test/min/main.test.bicep index fee53d9951..dea599ae13 100644 --- a/modules/power-bi-dedicated/capacity/.test/min/main.test.bicep +++ b/modules/power-bi-dedicated/capacity/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/power-bi-dedicated/capacity/README.md b/modules/power-bi-dedicated/capacity/README.md index a5f670d0ad..8257071543 100644 --- a/modules/power-bi-dedicated/capacity/README.md +++ b/modules/power-bi-dedicated/capacity/README.md @@ -5,10 +5,10 @@ This module deploys a Power BI Dedicated Capacity. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,58 +18,28 @@ This module deploys a Power BI Dedicated Capacity. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.PowerBIDedicated/capacities` | [2021-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.PowerBIDedicated/2021-01-01/capacities) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `members` | array | Members of the resource. | -| `name` | string | Name of the PowerBI Embedded. | -| `skuCapacity` | int | SkuCapacity of the resource. | - -**Optional parameters** +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, NotSpecified, ReadOnly]` | Specify the type of lock. | -| `mode` | string | `'Gen2'` | `[Gen1, Gen2]` | Mode of the resource. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| -| `skuName` | string | `'A1'` | `[A1, A2, A3, A4, A5, A6]` | SkuCapacity of the resource. | -| `skuTier` | string | `'PBIE_Azure'` | `[AutoPremiumHost, PBIE_Azure, Premium]` | SkuCapacity of the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/power-bi-dedicated.capacity:1.0.0`. +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The Name of the PowerBi Embedded. | -| `resourceGroupName` | string | The name of the resource group the PowerBi Embedded was created in. | -| `resourceId` | string | The resource ID of the PowerBi Embedded. | - -## Cross-referenced modules - -_None_ - -## Deployment examples +### Example 1: _Using large parameter set_ -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +This instance deploys the module with most of its features enabled. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module capacity './power-bi-dedicated/capacity/main.bicep' = { +module capacity 'br:bicep/modules/power-bi-dedicated.capacity:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-pbdcapcom' params: { // Required parameters @@ -155,14 +125,17 @@ module capacity './power-bi-dedicated/capacity/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module capacity './power-bi-dedicated/capacity/main.bicep' = { +module capacity 'br:bicep/modules/power-bi-dedicated.capacity:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-pbdcapmin' params: { // Required parameters @@ -211,3 +184,119 @@ module capacity './power-bi-dedicated/capacity/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`members`](#parameter-members) | array | Members of the resource. | +| [`name`](#parameter-name) | string | Name of the PowerBI Embedded. | +| [`skuCapacity`](#parameter-skucapacity) | int | SkuCapacity of the resource. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`mode`](#parameter-mode) | string | Mode of the resource. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | SkuCapacity of the resource. | +| [`skuTier`](#parameter-skutier) | string | SkuCapacity of the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, NotSpecified, ReadOnly]` + +### Parameter: `members` + +Members of the resource. 
+- Required: Yes +- Type: array + +### Parameter: `mode` + +Mode of the resource. +- Required: No +- Type: string +- Default: `'Gen2'` +- Allowed: `[Gen1, Gen2]` + +### Parameter: `name` + +Name of the PowerBI Embedded. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuCapacity` + +SkuCapacity of the resource. +- Required: Yes +- Type: int + +### Parameter: `skuName` + +SkuCapacity of the resource. +- Required: No +- Type: string +- Default: `'A1'` +- Allowed: `[A1, A2, A3, A4, A5, A6]` + +### Parameter: `skuTier` + +SkuCapacity of the resource. +- Required: No +- Type: string +- Default: `'PBIE_Azure'` +- Allowed: `[AutoPremiumHost, PBIE_Azure, Premium]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The Name of the PowerBi Embedded. | +| `resourceGroupName` | string | The name of the resource group the PowerBi Embedded was created in. | +| `resourceId` | string | The resource ID of the PowerBi Embedded. | + +## Cross-referenced modules + +_None_ diff --git a/modules/power-bi-dedicated/capacity/main.json b/modules/power-bi-dedicated/capacity/main.json index 7e34e223ae..aafdb27cf3 100644 --- a/modules/power-bi-dedicated/capacity/main.json +++ b/modules/power-bi-dedicated/capacity/main.json 
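Review bot: In the `power-bi-dedicated/capacity` README hunk above, the `skuName` and `skuTier` rows of the parameter table and their `### Parameter:` sections both carry the description "SkuCapacity of the resource.", which is the `skuCapacity` text copied over. The generated documentation therefore says nothing about what either parameter selects. Because this README is generated from the module template, correct the parameter descriptions in the template and regenerate rather than editing the markdown: `skuName` should describe the SKU name (allowed `A1` to `A6`) and `skuTier` the tier (allowed `AutoPremiumHost`, `PBIE_Azure`, `Premium`).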
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "924797605355156375" + "version": "0.22.6.54827", + "templateHash": "9399428020393768552" }, "name": "Power BI Dedicated Capacities", "description": "This module deploys a Power BI Dedicated Capacity.", @@ -184,8 +184,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18119555403422726514" + "version": "0.22.6.54827", + "templateHash": "4655209444733495279" } }, "parameters": { diff --git a/modules/purview/account/.test/common/main.test.bicep b/modules/purview/account/.test/common/main.test.bicep index c716eb8807..e2746b7ebf 100644 --- a/modules/purview/account/.test/common/main.test.bicep +++ b/modules/purview/account/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/purview/account/.test/min/main.test.bicep b/modules/purview/account/.test/min/main.test.bicep index bdafc9b679..8cf13684b3 100644 --- a/modules/purview/account/.test/min/main.test.bicep +++ b/modules/purview/account/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/purview/account/README.md b/modules/purview/account/README.md index ea412e85c2..78a48d77ad 100644 --- a/modules/purview/account/README.md +++ b/modules/purview/account/README.md 
@@ -5,10 +5,10 @@ This module deploys a Purview Account. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -21,77 +21,28 @@ This module deploys a Purview Account. | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | | `Microsoft.Purview/accounts` | [2021-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Purview/2021-07-01/accounts) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Purview Account. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `accountPrivateEndpoints` | array | `[]` | | Configuration details for Purview Account private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'account'. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DataSensitivity, PurviewAccountAuditEvents, ScanStatus]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. 
If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `eventHubPrivateEndpoints` | array | `[]` | | Configuration details for Purview Managed Event Hub namespace private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'namespace'. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managedResourceGroupName` | string | `[format('managed-rg-{0}', parameters('name'))]` | | The Managed Resource Group Name. A managed Storage Account, and an Event Hubs will be created in the selected subscription for catalog ingestion scenarios. Default is 'managed-rg-'. | -| `portalPrivateEndpoints` | array | `[]` | | Configuration details for Purview Portal private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'portal'. | -| `publicNetworkAccess` | string | `'NotSpecified'` | `[Disabled, Enabled, NotSpecified]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. 
| -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `storageBlobPrivateEndpoints` | array | `[]` | | Configuration details for Purview Managed Storage Account blob private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'blob'. | -| `storageQueuePrivateEndpoints` | array | `[]` | | Configuration details for Purview Managed Storage Account queue private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'queue'. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `managedEventHubId` | string | The resource ID of the managed Event Hub Namespace. | -| `managedResourceGroupId` | string | The resource ID of the managed resource group. | -| `managedResourceGroupName` | string | The name of the managed resource group. | -| `managedStorageAccountId` | string | The resource ID of the managed storage account. | -| `name` | string | The name of the Purview Account. | -| `resourceGroupName` | string | The resource group the Purview Account was deployed into. | -| `resourceId` | string | The resource ID of the Purview Account. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. 
| +## Usage examples -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/purview.account:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module account './purview/account/main.bicep' = { +module account 'br:bicep/modules/purview.account:1.0.0' = { name: '${uniqueString(deployment().name)}-test-pvacom' params: { // Required parameters @@ -387,14 +338,17 @@ module account './purview/account/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module account './purview/account/main.bicep' = { +module account 'br:bicep/modules/purview.account:1.0.0' = { name: '${uniqueString(deployment().name)}-test-pvamin' params: { // Required parameters @@ -435,3 +389,210 @@ module account './purview/account/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Purview Account. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`accountPrivateEndpoints`](#parameter-accountprivateendpoints) | array | Configuration details for Purview Account private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'account'. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. 
| +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventHubPrivateEndpoints`](#parameter-eventhubprivateendpoints) | array | Configuration details for Purview Managed Event Hub namespace private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'namespace'. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managedResourceGroupName`](#parameter-managedresourcegroupname) | string | The Managed Resource Group Name. A managed Storage Account, and an Event Hubs will be created in the selected subscription for catalog ingestion scenarios. Default is 'managed-rg-'. | +| [`portalPrivateEndpoints`](#parameter-portalprivateendpoints) | array | Configuration details for Purview Portal private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'portal'. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`storageBlobPrivateEndpoints`](#parameter-storageblobprivateendpoints) | array | Configuration details for Purview Managed Storage Account blob private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'blob'. | +| [`storageQueuePrivateEndpoints`](#parameter-storagequeueprivateendpoints) | array | Configuration details for Purview Managed Storage Account queue private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'queue'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `accountPrivateEndpoints` + +Configuration details for Purview Account private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'account'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DataSensitivity, PurviewAccountAuditEvents, ScanStatus]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventHubPrivateEndpoints` + +Configuration details for Purview Managed Event Hub namespace private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'namespace'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managedResourceGroupName` + +The Managed Resource Group Name. A managed Storage Account, and an Event Hubs will be created in the selected subscription for catalog ingestion scenarios. Default is 'managed-rg-'. +- Required: No +- Type: string +- Default: `[format('managed-rg-{0}', parameters('name'))]` + +### Parameter: `name` + +Name of the Purview Account. +- Required: Yes +- Type: string + +### Parameter: `portalPrivateEndpoints` + +Configuration details for Purview Portal private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'portal'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `'NotSpecified'` +- Allowed: `[Disabled, Enabled, NotSpecified]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `storageBlobPrivateEndpoints` + +Configuration details for Purview Managed Storage Account blob private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'blob'. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `storageQueuePrivateEndpoints` + +Configuration details for Purview Managed Storage Account queue private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'queue'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `managedEventHubId` | string | The resource ID of the managed Event Hub Namespace. | +| `managedResourceGroupId` | string | The resource ID of the managed resource group. | +| `managedResourceGroupName` | string | The name of the managed resource group. | +| `managedStorageAccountId` | string | The resource ID of the managed storage account. | +| `name` | string | The name of the Purview Account. | +| `resourceGroupName` | string | The resource group the Purview Account was deployed into. | +| `resourceId` | string | The resource ID of the Purview Account. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/purview/account/main.json b/modules/purview/account/main.json index 4c5a590e59..9133d24ca9 100644 --- a/modules/purview/account/main.json +++ b/modules/purview/account/main.json 
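Review bot: The new `### Parameter: publicNetworkAccess` section of the Purview README documents a default of `'NotSpecified'` next to a description that says "For security reasons it should be disabled" and that the value is only disabled by default "if private endpoints are set". That leaves the outcome undocumented for a deployment that passes no private endpoints. Either state in the description what `NotSpecified` resolves to in that case, or make the secure value the default. The Recovery Services Vault table removed later in this diff lists the same parameter with a default of `'Disabled'`, so the two modules currently disagree.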
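Review bot: In the Purview README usage-examples hunks, the added note "To reference the module, please use the following syntax `br:bicep/modules/purview.account:1.0.0`" and both example blocks put `bicep` in the registry position of a `br:<registry>/<path>:<tag>` reference, so the string reads as a placeholder rather than a registry that can be restored from. The examples previously used the local path `./purview/account/main.bicep`, which resolved inside the repository. Say explicitly that the registry name and the `1.0.0` tag must be replaced with the registry and version the reader actually publishes to and trusts, so nobody copies the line verbatim and ends up with an unresolvable or unintended module source.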
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13858870839826071407" + "version": "0.22.6.54827", + "templateHash": "5252602419334487318" }, "name": "Purview Accounts", "description": "This module deploys a Purview Account.", @@ -316,8 +316,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -516,8 +516,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -654,8 +654,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -880,8 +880,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1080,8 +1080,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", 
@@ -1218,8 +1218,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -1444,8 +1444,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1644,8 +1644,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1782,8 +1782,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -2008,8 +2008,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -2208,8 +2208,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2346,8 +2346,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { 
@@ -2572,8 +2572,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -2772,8 +2772,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2910,8 +2910,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -3124,8 +3124,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12596337449494040710" + "version": "0.22.6.54827", + "templateHash": "15861709353924438880" } }, "parameters": { diff --git a/modules/recovery-services/vault/.test/common/main.test.bicep b/modules/recovery-services/vault/.test/common/main.test.bicep index dc9857d7c9..aa714983ad 100644 --- a/modules/recovery-services/vault/.test/common/main.test.bicep +++ b/modules/recovery-services/vault/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/recovery-services/vault/.test/min/main.test.bicep b/modules/recovery-services/vault/.test/min/main.test.bicep index d34d8bced4..8477f9fb08 100644 --- a/modules/recovery-services/vault/.test/min/main.test.bicep +++ b/modules/recovery-services/vault/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/recovery-services/vault/README.md b/modules/recovery-services/vault/README.md index 9adaee17b2..c7bbaa77ff 100644 --- a/modules/recovery-services/vault/README.md +++ b/modules/recovery-services/vault/README.md @@ -5,10 +5,10 @@ This module deploys a Recovery Services Vault. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
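Review bot: The `dr` test of `recovery-services/vault` does not receive the `metadata name` and `metadata description` lines that this change adds to `.test/common/main.test.bicep` and `.test/min/main.test.bicep`; no hunk for it appears between those two files. The regenerated README shows the effect: its example list reads `[Dr](#example-2-dr)` beside "Using large parameter set" and "Using only defaults". Add both metadata lines to the `dr` test file so that example gets a descriptive title and an introductory sentence like the others.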
@@ -31,78 +31,29 @@ This module deploys a Recovery Services Vault. | `Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings` | [2022-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2022-10-01/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings) | | `Microsoft.RecoveryServices/vaults/replicationPolicies` | [2022-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2022-10-01/vaults/replicationPolicies) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Recovery Service Vault. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `backupConfig` | _[backupConfig](backup-config/README.md)_ object | `{object}` | | The backup configuration. | -| `backupPolicies` | array | `[]` | | List of all backup policies. | -| `backupStorageConfig` | _[backupStorageConfig](backup-storage-config/README.md)_ object | `{object}` | | The storage configuration for the Azure Recovery Service Vault. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', AddonAzureBackupAlerts, AddonAzureBackupJobs, AddonAzureBackupPolicy, AddonAzureBackupProtectedInstance, AddonAzureBackupStorage, allLogs, AzureBackupReport, AzureSiteRecoveryEvents, AzureSiteRecoveryJobs, AzureSiteRecoveryProtectedDiskDataChurn, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryReplicationStats, CoreAzureBackup]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[Health]` | `[Health]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `monitoringSettings` | object | `{object}` | | Monitoring Settings of the vault. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `protectionContainers` | array | `[]` | | List of all protection containers. | -| `publicNetworkAccess` | string | `'Disabled'` | `[Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. | -| `replicationAlertSettings` | object | `{object}` | | Replication alert settings. 
| -| `replicationFabrics` | array | `[]` | | List of all replication fabrics. | -| `replicationPolicies` | array | `[]` | | List of all replication policies. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `securitySettings` | object | `{object}` | | Security Settings of the vault. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the Recovery Service Vault resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The Name of the recovery services vault. | -| `resourceGroupName` | string | The name of the resource group the recovery services vault was created in. | -| `resourceId` | string | The resource ID of the recovery services vault. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | +## Usage examples -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
+>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/recovery-services.vault:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Dr](#example-2-dr) +- [Using only defaults](#example-3-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module vault './recovery-services/vault/main.bicep' = { +module vault 'br:bicep/modules/recovery-services.vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-rsvcom' params: { // Required parameters @@ -754,14 +705,14 @@ module vault './recovery-services/vault/main.bicep' = {

-

Example 2: Dr

+### Example 2: _Dr_
via Bicep module ```bicep -module vault './recovery-services/vault/main.bicep' = { +module vault 'br:bicep/modules/recovery-services.vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-rsvdr' params: { // Required parameters @@ -925,14 +876,17 @@ module vault './recovery-services/vault/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module vault './recovery-services/vault/main.bicep' = { +module vault 'br:bicep/modules/recovery-services.vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-rsvmin' params: { // Required parameters @@ -969,3 +923,246 @@ module vault './recovery-services/vault/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Azure Recovery Service Vault. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`backupConfig`](#parameter-backupconfig) | object | The backup configuration. | +| [`backupPolicies`](#parameter-backuppolicies) | array | List of all backup policies. | +| [`backupStorageConfig`](#parameter-backupstorageconfig) | object | The storage configuration for the Azure Recovery Service Vault. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`monitoringSettings`](#parameter-monitoringsettings) | object | Monitoring Settings of the vault. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`protectionContainers`](#parameter-protectioncontainers) | array | List of all protection containers. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. | +| [`replicationAlertSettings`](#parameter-replicationalertsettings) | object | Replication alert settings. | +| [`replicationFabrics`](#parameter-replicationfabrics) | array | List of all replication fabrics. | +| [`replicationPolicies`](#parameter-replicationpolicies) | array | List of all replication policies. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`securitySettings`](#parameter-securitysettings) | object | Security Settings of the vault. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the Recovery Service Vault resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. 
| + +### Parameter: `backupConfig` + +The backup configuration. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `backupPolicies` + +List of all backup policies. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `backupStorageConfig` + +The storage configuration for the Azure Recovery Service Vault. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', AddonAzureBackupAlerts, AddonAzureBackupJobs, AddonAzureBackupPolicy, AddonAzureBackupProtectedInstance, AddonAzureBackupStorage, allLogs, AzureBackupReport, AzureSiteRecoveryEvents, AzureSiteRecoveryJobs, AzureSiteRecoveryProtectedDiskDataChurn, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryReplicationStats, CoreAzureBackup]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[Health]` +- Allowed: `[Health]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `monitoringSettings` + +Monitoring Settings of the vault. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Name of the Azure Recovery Service Vault. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `protectionContainers` + +List of all protection containers. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `replicationAlertSettings` + +Replication alert settings. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `replicationFabrics` + +List of all replication fabrics. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `replicationPolicies` + +List of all replication policies. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `securitySettings` + +Security Settings of the vault. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the Recovery Service Vault resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The Name of the recovery services vault. | +| `resourceGroupName` | string | The name of the resource group the recovery services vault was created in. | +| `resourceId` | string | The resource ID of the recovery services vault. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | 
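Review bot: In the regenerated Parameters section of `modules/recovery-services/vault/README.md`, the `backupConfig` and `backupStorageConfig` rows are now typed as plain `object`, so the links to `backup-config/README.md` and `backup-storage-config/README.md` that the removed table carried are gone, and the new detail sections give only `Default: {object}`. Suggest having the generator keep the child-module link in the corresponding `### Parameter:` section and print the actual default for object parameters; for `securitySettings` and `monitoringSettings` a reader cannot tell from `{object}` what the vault is deployed with. Separately, the re-added "Cross-referenced modules" paragraph still says "other CARML modules" while the wiki text changed in this same patch refers to the AVM library; pick one name.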
diff --git a/modules/recovery-services/vault/backup-config/README.md b/modules/recovery-services/vault/backup-config/README.md index 8b9118b29d..5ce1b92970 100644 --- a/modules/recovery-services/vault/backup-config/README.md +++ b/modules/recovery-services/vault/backup-config/README.md 
@@ -19,28 +19,102 @@ This module deploys a Recovery Services Vault Backup Config. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | +| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enhancedSecurityState` | string | `'Enabled'` | `[Disabled, Enabled]` | Enable this setting to protect hybrid backups against accidental deletes and add additional layer of authentication for critical operations. | -| `isSoftDeleteFeatureStateEditable` | bool | `True` | | Is soft delete feature state editable. | -| `name` | string | `'vaultconfig'` | | Name of the Azure Recovery Service Vault Backup Policy. | -| `resourceGuardOperationRequests` | array | `[]` | | ResourceGuard Operation Requests. | -| `softDeleteFeatureState` | string | `'Enabled'` | `[Disabled, Enabled]` | Enable this setting to protect backup data for Azure VM, SQL Server in Azure VM and SAP HANA in Azure VM from accidental deletes. | -| `storageModelType` | string | `'GeoRedundant'` | `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` | Storage type. | -| `storageType` | string | `'GeoRedundant'` | `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` | Storage type. | -| `storageTypeState` | string | `'Locked'` | `[Locked, Unlocked]` | Once a machine is registered against a resource, the storageTypeState is always Locked. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enhancedSecurityState`](#parameter-enhancedsecuritystate) | string | Enable this setting to protect hybrid backups against accidental deletes and add additional layer of authentication for critical operations. | +| [`isSoftDeleteFeatureStateEditable`](#parameter-issoftdeletefeaturestateeditable) | bool | Is soft delete feature state editable. | +| [`name`](#parameter-name) | string | Name of the Azure Recovery Service Vault Backup Policy. | +| [`resourceGuardOperationRequests`](#parameter-resourceguardoperationrequests) | array | ResourceGuard Operation Requests. | +| [`softDeleteFeatureState`](#parameter-softdeletefeaturestate) | string | Enable this setting to protect backup data for Azure VM, SQL Server in Azure VM and SAP HANA in Azure VM from accidental deletes. | +| [`storageModelType`](#parameter-storagemodeltype) | string | Storage type. | +| [`storageType`](#parameter-storagetype) | string | Storage type. | +| [`storageTypeState`](#parameter-storagetypestate) | string | Once a machine is registered against a resource, the storageTypeState is always Locked. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enhancedSecurityState` + +Enable this setting to protect hybrid backups against accidental deletes and add additional layer of authentication for critical operations. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `isSoftDeleteFeatureStateEditable` + +Is soft delete feature state editable. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the Azure Recovery Service Vault Backup Policy. 
+- Required: No +- Type: string +- Default: `'vaultconfig'` + +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `resourceGuardOperationRequests` + +ResourceGuard Operation Requests. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `softDeleteFeatureState` + +Enable this setting to protect backup data for Azure VM, SQL Server in Azure VM and SAP HANA in Azure VM from accidental deletes. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `storageModelType` + +Storage type. +- Required: No +- Type: string +- Default: `'GeoRedundant'` +- Allowed: `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` + +### Parameter: `storageType` + +Storage type. +- Required: No +- Type: string +- Default: `'GeoRedundant'` +- Allowed: `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` + +### Parameter: `storageTypeState` + +Once a machine is registered against a resource, the storageTypeState is always Locked. +- Required: No +- Type: string +- Default: `'Locked'` +- Allowed: `[Locked, Unlocked]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the backup config. | | `resourceGroupName` | string | The name of the resource group the backup config was created in. | diff --git a/modules/recovery-services/vault/backup-config/main.json b/modules/recovery-services/vault/backup-config/main.json index 5052408a86..7ba9a5b1cb 100644 --- a/modules/recovery-services/vault/backup-config/main.json +++ b/modules/recovery-services/vault/backup-config/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2030776827393689599" + "version": "0.22.6.54827", + "templateHash": "7310792683713567656" }, "name": "Recovery Services Vault Backup Config", "description": "This module deploys a Recovery Services Vault Backup Config.", diff --git a/modules/recovery-services/vault/backup-fabric/protection-container/README.md b/modules/recovery-services/vault/backup-fabric/protection-container/README.md index 5c39aced8b..0c7bbeeb33 100644 --- a/modules/recovery-services/vault/backup-fabric/protection-container/README.md +++ b/modules/recovery-services/vault/backup-fabric/protection-container/README.md @@ -4,12 +4,12 @@ This module deploys a Recovery Services Vault Protection Container. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,32 +20,95 @@ This module deploys a Recovery Services Vault Protection Container. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the Azure Recovery Service Vault Protection Container. | +| [`name`](#parameter-name) | string | Name of the Azure Recovery Service Vault Protection Container. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | +| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `backupManagementType` | string | `''` | `['', AzureBackupServer, AzureIaasVM, AzureSql, AzureStorage, AzureWorkload, DefaultBackup, DPM, Invalid, MAB]` | Backup management type to execute the current Protection Container job. | -| `containerType` | string | `''` | `['', AzureBackupServerContainer, AzureSqlContainer, GenericContainer, Microsoft.ClassicCompute/virtualMachines, Microsoft.Compute/virtualMachines, SQLAGWorkLoadContainer, StorageContainer, VMAppContainer, Windows]` | Type of the container. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `friendlyName` | string | `''` | | Friendly name of the Protection Container. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `protectedItems` | array | `[]` | | Protected items to register in the container. | -| `sourceResourceId` | string | `''` | | Resource ID of the target resource for the Protection Container. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`backupManagementType`](#parameter-backupmanagementtype) | string | Backup management type to execute the current Protection Container job. | +| [`containerType`](#parameter-containertype) | string | Type of the container. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`friendlyName`](#parameter-friendlyname) | string | Friendly name of the Protection Container. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`protectedItems`](#parameter-protecteditems) | array | Protected items to register in the container. | +| [`sourceResourceId`](#parameter-sourceresourceid) | string | Resource ID of the target resource for the Protection Container. | + +### Parameter: `backupManagementType` + +Backup management type to execute the current Protection Container job. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', AzureBackupServer, AzureIaasVM, AzureSql, AzureStorage, AzureWorkload, DefaultBackup, DPM, Invalid, MAB]` + +### Parameter: `containerType` + +Type of the container. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', AzureBackupServerContainer, AzureSqlContainer, GenericContainer, Microsoft.ClassicCompute/virtualMachines, Microsoft.Compute/virtualMachines, SQLAGWorkLoadContainer, StorageContainer, VMAppContainer, Windows]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `friendlyName` + +Friendly name of the Protection Container. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the Azure Recovery Service Vault Protection Container. 
+- Required: Yes +- Type: string + +### Parameter: `protectedItems` + +Protected items to register in the container. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `sourceResourceId` + +Resource ID of the target resource for the Protection Container. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The Name of the Protection Container. | | `resourceGroupName` | string | The name of the Resource Group the Protection Container was created in. | diff --git a/modules/recovery-services/vault/backup-fabric/protection-container/main.json b/modules/recovery-services/vault/backup-fabric/protection-container/main.json index 86cb2e9330..ce42abbbf0 100644 --- a/modules/recovery-services/vault/backup-fabric/protection-container/main.json +++ b/modules/recovery-services/vault/backup-fabric/protection-container/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17832840146797285516" + "version": "0.22.6.54827", + "templateHash": "2599343254432362849" }, "name": "Recovery Services Vault Protection Container", "description": "This module deploys a Recovery Services Vault Protection Container.", @@ -172,8 +172,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6407898441503460857" + "version": "0.22.6.54827", + "templateHash": "7148492251760573310" }, "name": "Recovery Service Vaults Protection Container Protected Item", "description": "This module deploys a Recovery Services Vault Protection Container Protected Item.", 
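Review bot: Both `_generator` blocks in `protection-container/main.json` move from Bicep `0.20.4.51522` to `0.22.6.54827`, so this documentation-generator change also carries a compiler upgrade for the compiled templates. Suggest stating the required Bicep version in the contribution guide or pinning it in CI, since a contributor running `Set-Module` with another version will rewrite `_generator.version` in each `main.json` they touch. The nested hash `7148492251760573310` in the second hunk (`@@ -172,8 +172,8 @@`) does match the one in `protected-item/main.json`, which is the consistency to expect for an embedded child template.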
diff --git a/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/README.md b/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/README.md index 51f5bb2b9f..64cd46a689 100644 --- a/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/README.md +++ b/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/README.md @@ -4,12 +4,12 @@ This module deploys a Recovery Services Vault Protection Container Protected Ite ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -19,31 +19,82 @@ This module deploys a Recovery Services Vault Protection Container Protected Ite **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | Name of the resource. | -| `policyId` | string | | ID of the backup policy with which this item is backed up. | -| `protectedItemType` | string | `[AzureFileShareProtectedItem, AzureVmWorkloadSAPAseDatabase, AzureVmWorkloadSAPHanaDatabase, AzureVmWorkloadSQLDatabase, DPMProtectedItem, GenericProtectedItem, MabFileFolderProtectedItem, Microsoft.ClassicCompute/virtualMachines, Microsoft.Compute/virtualMachines, Microsoft.Sql/servers/databases]` | The backup item type. | -| `sourceResourceId` | string | | Resource ID of the resource to back up. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the resource. | +| [`policyId`](#parameter-policyid) | string | ID of the backup policy with which this item is backed up. | +| [`protectedItemType`](#parameter-protecteditemtype) | string | The backup item type. | +| [`sourceResourceId`](#parameter-sourceresourceid) | string | Resource ID of the resource to back up. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `protectionContainerName` | string | Name of the Azure Recovery Service Vault Protection Container. Required if the template is used in a standalone deployment. | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | +| [`protectionContainerName`](#parameter-protectioncontainername) | string | Name of the Azure Recovery Service Vault Protection Container. Required if the template is used in a standalone deployment. | +| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. 
Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the resource. +- Required: Yes +- Type: string + +### Parameter: `policyId` + +ID of the backup policy with which this item is backed up. +- Required: Yes +- Type: string + +### Parameter: `protectedItemType` + +The backup item type. +- Required: Yes +- Type: string +- Allowed: `[AzureFileShareProtectedItem, AzureVmWorkloadSAPAseDatabase, AzureVmWorkloadSAPHanaDatabase, AzureVmWorkloadSQLDatabase, DPMProtectedItem, GenericProtectedItem, MabFileFolderProtectedItem, Microsoft.ClassicCompute/virtualMachines, Microsoft.Compute/virtualMachines, Microsoft.Sql/servers/databases]` + +### Parameter: `protectionContainerName` + +Name of the Azure Recovery Service Vault Protection Container. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `sourceResourceId` + +Resource ID of the resource to back up. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The Name of the protected item. | | `resourceGroupName` | string | The name of the Resource Group the protected item was created in. | diff --git a/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/main.json b/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/main.json index 2ccee87db2..232937bb2a 100644 --- a/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/main.json +++ b/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6407898441503460857" + "version": "0.22.6.54827", + "templateHash": "7148492251760573310" }, "name": "Recovery Service Vaults Protection Container Protected Item", "description": "This module deploys a Recovery Services Vault Protection Container Protected Item.", diff --git a/modules/recovery-services/vault/backup-policy/README.md b/modules/recovery-services/vault/backup-policy/README.md index 8490913844..c769d8ce08 100644 --- a/modules/recovery-services/vault/backup-policy/README.md +++ b/modules/recovery-services/vault/backup-policy/README.md @@ -4,12 +4,12 @@ This module deploys a Recovery Services Vault Backup Policy. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -19,27 +19,52 @@ This module deploys a Recovery Services Vault Backup Policy. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the Azure Recovery Service Vault Backup Policy. | -| `properties` | object | Configuration of the Azure Recovery Service Vault Backup Policy. | +| [`name`](#parameter-name) | string | Name of the Azure Recovery Service Vault Backup Policy. | +| [`properties`](#parameter-properties) | object | Configuration of the Azure Recovery Service Vault Backup Policy. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | +| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the Azure Recovery Service Vault Backup Policy. +- Required: Yes +- Type: string + +### Parameter: `properties` + +Configuration of the Azure Recovery Service Vault Backup Policy. +- Required: Yes +- Type: object + +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the backup policy. | | `resourceGroupName` | string | The name of the resource group the backup policy was created in. | diff --git a/modules/recovery-services/vault/backup-policy/main.json b/modules/recovery-services/vault/backup-policy/main.json index 8a67c74af9..c6180ca142 100644 --- a/modules/recovery-services/vault/backup-policy/main.json +++ b/modules/recovery-services/vault/backup-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13635254612288594433" + "version": "0.22.6.54827", + "templateHash": "5026084694620767555" }, "name": "Recovery Services Vault Backup Policies", "description": "This module deploys a Recovery Services Vault Backup Policy.", diff --git a/modules/recovery-services/vault/backup-storage-config/README.md b/modules/recovery-services/vault/backup-storage-config/README.md index 523244fc10..44c5b030b3 100644 --- a/modules/recovery-services/vault/backup-storage-config/README.md +++ b/modules/recovery-services/vault/backup-storage-config/README.md @@ -4,12 +4,12 @@ This module deploys a Recovery Service Vault Backup Storage Configuration. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
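Review bot: in the backup-policy/README.md parameter hunk, `recoveryVaultName` sits in the **Conditional parameters** table but its new detail section says `- Required: Yes`, which contradicts its own description ("Required if the template is used in a standalone deployment"). The detail sections for `protectionContainerName` and `recoveryVaultName` in protected-item/README.md carry the same description and the same `Required: Yes`. Have the generator emit a distinct value for conditional parameters, or drop the line for them, so a reader of the detail section alone is not told the parameter is always mandatory.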
@@ -19,23 +19,58 @@ This module deploys a Recovery Service Vault Backup Storage Configuration. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | +| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `crossRegionRestoreFlag` | bool | `True` | | Opt in details of Cross Region Restore feature. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `'vaultstorageconfig'` | | The name of the backup storage config. | -| `storageModelType` | string | `'GeoRedundant'` | `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` | Change Vault Storage Type (Works if vault has not registered any backup instance). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`crossRegionRestoreFlag`](#parameter-crossregionrestoreflag) | bool | Opt in details of Cross Region Restore feature. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the backup storage config. | +| [`storageModelType`](#parameter-storagemodeltype) | string | Change Vault Storage Type (Works if vault has not registered any backup instance). | + +### Parameter: `crossRegionRestoreFlag` + +Opt in details of Cross Region Restore feature. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the backup storage config. +- Required: No +- Type: string +- Default: `'vaultstorageconfig'` + +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `storageModelType` + +Change Vault Storage Type (Works if vault has not registered any backup instance). +- Required: No +- Type: string +- Default: `'GeoRedundant'` +- Allowed: `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the backup storage config. | | `resourceGroupName` | string | The name of the Resource Group the backup storage configuration was created in. | diff --git a/modules/recovery-services/vault/backup-storage-config/main.json b/modules/recovery-services/vault/backup-storage-config/main.json index f2d19f8d68..b3b1a961d8 100644 --- a/modules/recovery-services/vault/backup-storage-config/main.json +++ b/modules/recovery-services/vault/backup-storage-config/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5682567943042044037" + "version": "0.22.6.54827", + "templateHash": "11669127714287855633" }, "name": "Recovery Services Vault Backup Storage Config", "description": "This module deploys a Recovery Service Vault Backup Storage Configuration.", diff --git a/modules/recovery-services/vault/main.json b/modules/recovery-services/vault/main.json index 4dbbe27952..8a77b1b8fe 100644 --- a/modules/recovery-services/vault/main.json +++ b/modules/recovery-services/vault/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6227298459944107927" + "version": "0.22.6.54827", + "templateHash": "9931998458625198588" }, "name": "Recovery Services Vaults", "description": "This module deploys a Recovery Services Vault.", @@ -352,8 +352,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5163393158902461304" + "version": "0.22.6.54827", + "templateHash": "4084364932296928832" }, "name": "Recovery Services Vault Replication Fabrics", "description": "This module deploys a Replication Fabric for Azure to Azure disaster recovery scenario of Azure Site Recovery.\r\n\r\n> Note: this module currently support only the `instanceType: 'Azure'` scenario.", @@ -458,8 +458,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11778647907922523589" + "version": "0.22.6.54827", + "templateHash": "12428378308583074618" }, "name": "Recovery Services Vault Replication Fabric Replication Protection Containers", "description": "This module deploys a Recovery Services Vault Replication Protection Container.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.", @@ -568,8 +568,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4097117837670939230" + "version": "0.22.6.54827", + "templateHash": "13312155038829056102" }, "name": "Recovery Services Vault Replication Fabric Replication Protection Container Replication Protection Container Mappings", "description": "This module deploys a Recovery Services Vault (RSV) Replication Protection Container Mapping.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.", 
@@ -801,8 +801,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "571014987628974476" + "version": "0.22.6.54827", + "templateHash": "4881591174035362600" }, "name": "Recovery Services Vault Replication Policies", "description": "This module deploys a Recovery Services Vault Replication Policy for Disaster Recovery scenario.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.", @@ -950,8 +950,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9320127696130777627" + "version": "0.22.6.54827", + "templateHash": "11669127714287855633" }, "name": "Recovery Services Vault Backup Storage Config", "description": "This module deploys a Recovery Service Vault Backup Storage Configuration.", @@ -1099,8 +1099,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18051870481312741885" + "version": "0.22.6.54827", + "templateHash": "2599343254432362849" }, "name": "Recovery Services Vault Protection Container", "description": "This module deploys a Recovery Services Vault Protection Container.", @@ -1267,8 +1267,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10079924922844886000" + "version": "0.22.6.54827", + "templateHash": "7148492251760573310" }, "name": "Recovery Service Vaults Protection Container Protected Item", "description": "This module deploys a Recovery Services Vault Protection Container Protected Item.", @@ -1457,8 +1457,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11484548106923742925" + "version": "0.22.6.54827", + "templateHash": "5026084694620767555" }, "name": "Recovery Services Vault Backup Policies", "description": "This module deploys a Recovery Services Vault Backup Policy.", 
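Review bot: the vault/main.json hunks are compiler output (only `_generator.version` and `templateHash` move), so nothing in them can be verified by reading; add a CI check that rebuilds the template from its Bicep source with the pinned compiler version and fails on any drift from the committed file. The nested hashes here do match the standalone child templates in this patch (11669127714287855633 for Backup Storage Config, 7148492251760573310 for Protected Item), which is what a clean rebuild should produce, but that is currently something a reviewer has to infer by comparing hunks.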
@@ -1574,8 +1574,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17044473868370755942" + "version": "0.22.6.54827", + "templateHash": "7310792683713567656" }, "name": "Recovery Services Vault Backup Config", "description": "This module deploys a Recovery Services Vault Backup Config.", @@ -1765,8 +1765,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4077813769135879734" + "version": "0.22.6.54827", + "templateHash": "326959657687879671" }, "name": "Recovery Services Vault Replication Alert Settings", "description": "This module deploys a Recovery Services Vault Replication Alert Settings.", @@ -1920,8 +1920,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -2120,8 +2120,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2258,8 +2258,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -2472,8 +2472,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14902208368944856830" + "version": "0.22.6.54827", + "templateHash": "8436896073465306731" } }, "parameters": { diff --git a/modules/recovery-services/vault/replication-alert-setting/README.md b/modules/recovery-services/vault/replication-alert-setting/README.md index b4ee9494c5..c756a3ce98 100644 
--- a/modules/recovery-services/vault/replication-alert-setting/README.md +++ b/modules/recovery-services/vault/replication-alert-setting/README.md 
@@ -19,24 +19,66 @@ This module deploys a Recovery Services Vault Replication Alert Settings. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | +| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `customEmailAddresses` | array | `[]` | | Comma separated list of custom email address for sending alert emails. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `locale` | string | `''` | | The locale for the email notification. | -| `name` | string | `'defaultAlertSetting'` | | The name of the replication Alert Setting. | -| `sendToOwners` | string | `'Send'` | `[DoNotSend, Send]` | The value indicating whether to send email to subscription administrator. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`customEmailAddresses`](#parameter-customemailaddresses) | array | Comma separated list of custom email address for sending alert emails. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`locale`](#parameter-locale) | string | The locale for the email notification. | +| [`name`](#parameter-name) | string | The name of the replication Alert Setting. | +| [`sendToOwners`](#parameter-sendtoowners) | string | The value indicating whether to send email to subscription administrator. | + +### Parameter: `customEmailAddresses` + +Comma separated list of custom email address for sending alert emails. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `locale` + +The locale for the email notification. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the replication Alert Setting. +- Required: No +- Type: string +- Default: `'defaultAlertSetting'` + +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `sendToOwners` + +The value indicating whether to send email to subscription administrator. +- Required: No +- Type: string +- Default: `'Send'` +- Allowed: `[DoNotSend, Send]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the replication Alert Setting. | | `resourceGroupName` | string | The name of the resource group the replication alert setting was created. | diff --git a/modules/recovery-services/vault/replication-alert-setting/main.json b/modules/recovery-services/vault/replication-alert-setting/main.json index f0561c50d1..27d98ff68e 100644 --- a/modules/recovery-services/vault/replication-alert-setting/main.json +++ b/modules/recovery-services/vault/replication-alert-setting/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14248192554679574765" + "version": "0.22.6.54827", + "templateHash": "326959657687879671" }, "name": "Recovery Services Vault Replication Alert Settings", "description": "This module deploys a Recovery Services Vault Replication Alert Settings.", diff --git a/modules/recovery-services/vault/replication-fabric/README.md b/modules/recovery-services/vault/replication-fabric/README.md index e11ecc23d5..8213e34c2a 100644 
--- a/modules/recovery-services/vault/replication-fabric/README.md +++ b/modules/recovery-services/vault/replication-fabric/README.md 
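Review bot: in replication-alert-setting/README.md, `customEmailAddresses` is documented as `Type: array` with default `[]`, while its description says "Comma separated list of custom email address". A reader cannot tell whether to pass an array of addresses or one comma-joined string; reword the description in the parameter metadata to match the array type (and use the plural "addresses") so the regenerated README is unambiguous.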
@@ -23,28 +23,62 @@ This module deploys a Replication Fabric for Azure to Azure disaster recovery sc **Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `location` | string | `[resourceGroup().location]` | The recovery location the fabric represents. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`location`](#parameter-location) | string | The recovery location the fabric represents. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | +| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `[parameters('location')]` | The name of the fabric. | -| `replicationContainers` | array | `[]` | Replication containers to create. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the fabric. | +| [`replicationContainers`](#parameter-replicationcontainers) | array | Replication containers to create. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +The recovery location the fabric represents. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the fabric. +- Required: No +- Type: string +- Default: `[parameters('location')]` + +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `replicationContainers` + +Replication containers to create. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the replication fabric. | | `resourceGroupName` | string | The name of the resource group the replication fabric was created in. | diff --git a/modules/recovery-services/vault/replication-fabric/main.json b/modules/recovery-services/vault/replication-fabric/main.json index 11e29ab771..695123e7e7 100644 --- a/modules/recovery-services/vault/replication-fabric/main.json +++ b/modules/recovery-services/vault/replication-fabric/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8280438435310104866" + "version": "0.22.6.54827", + "templateHash": "4084364932296928832" }, "name": "Recovery Services Vault Replication Fabrics", "description": "This module deploys a Replication Fabric for Azure to Azure disaster recovery scenario of Azure Site Recovery.\r\n\r\n> Note: this module currently support only the `instanceType: 'Azure'` scenario.", 
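Review bot: in replication-fabric/README.md, `location` is still listed under **Required parameters**, but its new detail section states `- Required: No` with a default of `[resourceGroup().location]`. The two statements conflict; since the parameter has a default, either move it to the optional table or have the generator derive both the table placement and the `Required` line from the same source so they cannot disagree.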
@@ -110,8 +110,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1196918307822554260" + "version": "0.22.6.54827", + "templateHash": "12428378308583074618" }, "name": "Recovery Services Vault Replication Fabric Replication Protection Containers", "description": "This module deploys a Recovery Services Vault Replication Protection Container.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.", @@ -220,8 +220,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2149629411962083695" + "version": "0.22.6.54827", + "templateHash": "13312155038829056102" }, "name": "Recovery Services Vault Replication Fabric Replication Protection Container Replication Protection Container Mappings", "description": "This module deploys a Recovery Services Vault (RSV) Replication Protection Container Mapping.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.", diff --git a/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md b/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md index 23b6656e50..841d221908 100644 --- a/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md +++ b/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md 
@@ -22,28 +22,60 @@ This module deploys a Recovery Services Vault Replication Protection Container. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the replication container. | +| [`name`](#parameter-name) | string | The name of the replication container. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | -| `replicationFabricName` | string | The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. | +| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | +| [`replicationFabricName`](#parameter-replicationfabricname) | string | The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `replicationContainerMappings` | array | `[]` | Replication containers mappings to create. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`replicationContainerMappings`](#parameter-replicationcontainermappings) | array | Replication containers mappings to create. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the replication container. 
+- Required: Yes +- Type: string + +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `replicationContainerMappings` + +Replication containers mappings to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `replicationFabricName` + +The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the replication container. | | `resourceGroupName` | string | The name of the resource group the replication container was created in. | diff --git a/modules/recovery-services/vault/replication-fabric/replication-protection-container/main.json b/modules/recovery-services/vault/replication-fabric/replication-protection-container/main.json index 9a5aeba687..1dac942bdb 100644 --- a/modules/recovery-services/vault/replication-fabric/replication-protection-container/main.json +++ b/modules/recovery-services/vault/replication-fabric/replication-protection-container/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1196918307822554260" + "version": "0.22.6.54827", + "templateHash": "12428378308583074618" }, "name": "Recovery Services Vault Replication Fabric Replication Protection Containers", "description": "This module deploys a Recovery Services Vault Replication Protection Container.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.", 
@@ -114,8 +114,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2149629411962083695" + "version": "0.22.6.54827", + "templateHash": "13312155038829056102" }, "name": "Recovery Services Vault Replication Fabric Replication Protection Container Replication Protection Container Mappings", "description": "This module deploys a Recovery Services Vault (RSV) Replication Protection Container Mapping.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.", diff --git a/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/README.md b/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/README.md index f2351c5c46..e409532d3e 100644 --- a/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/README.md +++ b/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/README.md 
@@ -21,28 +21,95 @@ This module deploys a Recovery Services Vault (RSV) Replication Protection Conta **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | -| `replicationFabricName` | string | The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. | -| `sourceProtectionContainerName` | string | The name of the parent source Replication container. Required if the template is used in a standalone deployment. | +| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | +| [`replicationFabricName`](#parameter-replicationfabricname) | string | The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. | +| [`sourceProtectionContainerName`](#parameter-sourceprotectioncontainername) | string | The name of the parent source Replication container. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `''` | The name of the replication container mapping. If not provided, it will be automatically generated as `-`. | -| `policyId` | string | `''` | Resource ID of the replication policy. If defined, policyName will be ignored. | -| `policyName` | string | `''` | Name of the replication policy. Will be ignored if policyId is also specified. | -| `targetContainerFabricName` | string | `[parameters('replicationFabricName')]` | Name of the fabric containing the target container. 
If targetProtectionContainerId is specified, this parameter will be ignored. | -| `targetContainerName` | string | `''` | Name of the target container. Must be specified if targetProtectionContainerId is not. If targetProtectionContainerId is specified, this parameter will be ignored. | -| `targetProtectionContainerId` | string | `''` | Resource ID of the target Replication container. Must be specified if targetContainerName is not. If specified, targetContainerFabricName and targetContainerName will be ignored. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the replication container mapping. If not provided, it will be automatically generated as `-`. | +| [`policyId`](#parameter-policyid) | string | Resource ID of the replication policy. If defined, policyName will be ignored. | +| [`policyName`](#parameter-policyname) | string | Name of the replication policy. Will be ignored if policyId is also specified. | +| [`targetContainerFabricName`](#parameter-targetcontainerfabricname) | string | Name of the fabric containing the target container. If targetProtectionContainerId is specified, this parameter will be ignored. | +| [`targetContainerName`](#parameter-targetcontainername) | string | Name of the target container. Must be specified if targetProtectionContainerId is not. If targetProtectionContainerId is specified, this parameter will be ignored. | +| [`targetProtectionContainerId`](#parameter-targetprotectioncontainerid) | string | Resource ID of the target Replication container. Must be specified if targetContainerName is not. If specified, targetContainerFabricName and targetContainerName will be ignored. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the replication container mapping. If not provided, it will be automatically generated as `-`. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `policyId` + +Resource ID of the replication policy. If defined, policyName will be ignored. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `policyName` + +Name of the replication policy. Will be ignored if policyId is also specified. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `replicationFabricName` + +The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `sourceProtectionContainerName` + +The name of the parent source Replication container. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `targetContainerFabricName` + +Name of the fabric containing the target container. If targetProtectionContainerId is specified, this parameter will be ignored. +- Required: No +- Type: string +- Default: `[parameters('replicationFabricName')]` + +### Parameter: `targetContainerName` + +Name of the target container. Must be specified if targetProtectionContainerId is not. If targetProtectionContainerId is specified, this parameter will be ignored. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `targetProtectionContainerId` + +Resource ID of the target Replication container. Must be specified if targetContainerName is not. If specified, targetContainerFabricName and targetContainerName will be ignored. 
+- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the replication container. | | `resourceGroupName` | string | The name of the resource group the replication container was created in. | diff --git a/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/main.json b/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/main.json index 6d189a871f..8e5a371f40 100644 --- a/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/main.json +++ b/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2149629411962083695" + "version": "0.22.6.54827", + "templateHash": "13312155038829056102" }, "name": "Recovery Services Vault Replication Fabric Replication Protection Container Replication Protection Container Mappings", "description": "This module deploys a Recovery Services Vault (RSV) Replication Protection Container Mapping.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.", diff --git a/modules/recovery-services/vault/replication-policy/README.md b/modules/recovery-services/vault/replication-policy/README.md index 9e7fd1421d..81a72c1aa8 100644 --- a/modules/recovery-services/vault/replication-policy/README.md +++ b/modules/recovery-services/vault/replication-policy/README.md 
@@ -21,30 +21,78 @@ This module deploys a Recovery Services Vault Replication Policy for Disaster Re **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the replication policy. | +| [`name`](#parameter-name) | string | The name of the replication policy. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | +| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `appConsistentFrequencyInMinutes` | int | `60` | | The app consistent snapshot frequency (in minutes). | -| `crashConsistentFrequencyInMinutes` | int | `5` | | The crash consistent snapshot frequency (in minutes). | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `multiVmSyncStatus` | string | `'Enable'` | `[Disable, Enable]` | A value indicating whether multi-VM sync has to be enabled. | -| `recoveryPointHistory` | int | `1440` | | The duration in minutes until which the recovery points need to be stored. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appConsistentFrequencyInMinutes`](#parameter-appconsistentfrequencyinminutes) | int | The app consistent snapshot frequency (in minutes). | +| [`crashConsistentFrequencyInMinutes`](#parameter-crashconsistentfrequencyinminutes) | int | The crash consistent snapshot frequency (in minutes). 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`multiVmSyncStatus`](#parameter-multivmsyncstatus) | string | A value indicating whether multi-VM sync has to be enabled. | +| [`recoveryPointHistory`](#parameter-recoverypointhistory) | int | The duration in minutes until which the recovery points need to be stored. | + +### Parameter: `appConsistentFrequencyInMinutes` + +The app consistent snapshot frequency (in minutes). +- Required: No +- Type: int +- Default: `60` + +### Parameter: `crashConsistentFrequencyInMinutes` + +The crash consistent snapshot frequency (in minutes). +- Required: No +- Type: int +- Default: `5` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `multiVmSyncStatus` + +A value indicating whether multi-VM sync has to be enabled. +- Required: No +- Type: string +- Default: `'Enable'` +- Allowed: `[Disable, Enable]` + +### Parameter: `name` + +The name of the replication policy. +- Required: Yes +- Type: string + +### Parameter: `recoveryPointHistory` + +The duration in minutes until which the recovery points need to be stored. +- Required: No +- Type: int +- Default: `1440` + +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the replication policy. | | `resourceGroupName` | string | The name of the resource group the replication policy was created in. | diff --git a/modules/recovery-services/vault/replication-policy/main.json b/modules/recovery-services/vault/replication-policy/main.json index d91fe34f95..783b758258 100644 
--- a/modules/recovery-services/vault/replication-policy/main.json +++ b/modules/recovery-services/vault/replication-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11896184761533167738" + "version": "0.22.6.54827", + "templateHash": "4881591174035362600" }, "name": "Recovery Services Vault Replication Policies", "description": "This module deploys a Recovery Services Vault Replication Policy for Disaster Recovery scenario.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.", diff --git a/modules/relay/namespace/.test/common/main.test.bicep b/modules/relay/namespace/.test/common/main.test.bicep index 3dd433d28f..219a764842 100644 --- a/modules/relay/namespace/.test/common/main.test.bicep +++ b/modules/relay/namespace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/relay/namespace/.test/min/main.test.bicep b/modules/relay/namespace/.test/min/main.test.bicep index 3553a10c28..25c3225ee0 100644 --- a/modules/relay/namespace/.test/min/main.test.bicep +++ b/modules/relay/namespace/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/relay/namespace/README.md b/modules/relay/namespace/README.md index 4d6c984338..f9d8f5efff 100644 --- a/modules/relay/namespace/README.md +++ b/modules/relay/namespace/README.md 
@@ -4,13 +4,13 @@ This module deploys a Relay Namespace ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -27,70 +27,29 @@ This module deploys a Relay Namespace | `Microsoft.Relay/namespaces/wcfRelays` | [2021-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Relay/2021-11-01/namespaces/wcfRelays) | | `Microsoft.Relay/namespaces/wcfRelays/authorizationRules` | [2021-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Relay/2021-11-01/namespaces/wcfRelays/authorizationRules) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Relay Namespace. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the Relay namespace. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs, hybridConnectionsEvent]` | `['', allLogs, hybridConnectionsEvent, OperationalLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `hybridConnections` | array | `[]` | | The hybrid connections to create in the relay namespace. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `networkRuleSets` | object | `{object}` | | Configure networking options for Relay. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuName` | string | `'Standard'` | `[Standard]` | Name of this SKU. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `wcfRelays` | array | `[]` | | The wcf relays to create in the relay namespace. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed relay namespace. | -| `resourceGroupName` | string | The resource group of the deployed relay namespace. | -| `resourceId` | string | The resource ID of the deployed relay namespace. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. 
For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/relay.namespace:1.0.0`. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +- [Pe](#example-3-pe) -## Deployment examples +### Example 1: _Using large parameter set_ -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +This instance deploys the module with most of its features enabled. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module namespace './relay/namespace/main.bicep' = { +module namespace 'br:bicep/modules/relay.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-rncom' params: { // Required parameters @@ -364,14 +323,17 @@ module namespace './relay/namespace/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module namespace './relay/namespace/main.bicep' = { +module namespace 'br:bicep/modules/relay.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-rnmin' params: { // Required parameters @@ -409,14 +371,14 @@ module namespace './relay/namespace/main.bicep' = {

-

Example 3: Pe

+### Example 3: _Pe_
via Bicep module ```bicep -module namespace './relay/namespace/main.bicep' = { +module namespace 'br:bicep/modules/relay.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-rnpe' params: { // Required parameters @@ -503,3 +465,189 @@ module namespace './relay/namespace/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Relay Namespace. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the Relay namespace. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`hybridConnections`](#parameter-hybridconnections) | array | The hybrid connections to create in the relay namespace. | +| [`location`](#parameter-location) | string | Location for all resources. 
| +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`networkRuleSets`](#parameter-networkrulesets) | object | Configure networking options for Relay. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | Name of this SKU. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`wcfRelays`](#parameter-wcfrelays) | array | The wcf relays to create in the relay namespace. | + +### Parameter: `authorizationRules` + +Authorization Rules for the Relay namespace. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. 
"allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs, hybridConnectionsEvent]` +- Allowed: `['', allLogs, hybridConnectionsEvent, OperationalLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hybridConnections` + +The hybrid connections to create in the relay namespace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Relay Namespace. +- Required: Yes +- Type: string + +### Parameter: `networkRuleSets` + +Configure networking options for Relay. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. 
For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +Name of this SKU. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Standard]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `wcfRelays` + +The wcf relays to create in the relay namespace. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed relay namespace. | +| `resourceGroupName` | string | The resource group of the deployed relay namespace. | +| `resourceId` | string | The resource ID of the deployed relay namespace. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/relay/namespace/authorization-rule/README.md b/modules/relay/namespace/authorization-rule/README.md index 44420982c3..c66fadfdbe 100644 --- a/modules/relay/namespace/authorization-rule/README.md 
+++ b/modules/relay/namespace/authorization-rule/README.md 
@@ -19,27 +19,54 @@ This module deploys a Relay Namespace Authorization Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the authorization rule. | +| [`name`](#parameter-name) | string | The name of the authorization rule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`rights`](#parameter-rights) | array | The rights associated with the rule. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the authorization rule. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `rights` + +The rights associated with the rule. 
+- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Listen, Manage, Send]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the authorization rule. | | `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. | diff --git a/modules/relay/namespace/authorization-rule/main.json b/modules/relay/namespace/authorization-rule/main.json index 838638b05f..6969a1416e 100644 --- a/modules/relay/namespace/authorization-rule/main.json +++ b/modules/relay/namespace/authorization-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2910468169645277295" + "version": "0.22.6.54827", + "templateHash": "8947023489504947393" }, "name": "Relay Namespace Authorization Rules", "description": "This module deploys a Relay Namespace Authorization Rule.", diff --git a/modules/relay/namespace/hybrid-connection/README.md b/modules/relay/namespace/hybrid-connection/README.md index 03ee068530..c2b68a3256 100644 --- a/modules/relay/namespace/hybrid-connection/README.md +++ b/modules/relay/namespace/hybrid-connection/README.md @@ -4,12 +4,12 @@ This module deploys a Relay Namespace Hybrid Connection. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -22,31 +22,85 @@ This module deploys a Relay Namespace Hybrid Connection. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the hybrid connection. | -| `userMetadata` | string | The user metadata is a placeholder to store user-defined string data for the hybrid connection endpoint. For example, it can be used to store descriptive data, such as a list of teams and their contact information. Also, user-defined configuration settings can be stored. | +| [`name`](#parameter-name) | string | The name of the hybrid connection. | +| [`userMetadata`](#parameter-usermetadata) | string | The user metadata is a placeholder to store user-defined string data for the hybrid connection endpoint. For example, it can be used to store descriptive data, such as a list of teams and their contact information. Also, user-defined configuration settings can be stored. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the Relay Hybrid Connection. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `requiresClientAuthorization` | bool | `True` | | A value indicating if this hybrid connection requires client authorization. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the Relay Hybrid Connection. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`requiresClientAuthorization`](#parameter-requiresclientauthorization) | bool | A value indicating if this hybrid connection requires client authorization. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +### Parameter: `authorizationRules` + +Authorization Rules for the Relay Hybrid Connection. 
+- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the hybrid connection. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `requiresClientAuthorization` + +A value indicating if this hybrid connection requires client authorization. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `userMetadata` + +The user metadata is a placeholder to store user-defined string data for the hybrid connection endpoint. For example, it can be used to store descriptive data, such as a list of teams and their contact information. Also, user-defined configuration settings can be stored. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed hybrid connection. 
| | `resourceGroupName` | string | The resource group of the deployed hybrid connection. | diff --git a/modules/relay/namespace/hybrid-connection/authorization-rule/README.md b/modules/relay/namespace/hybrid-connection/authorization-rule/README.md index cd97c6739b..38f6f986a1 100644 --- a/modules/relay/namespace/hybrid-connection/authorization-rule/README.md +++ b/modules/relay/namespace/hybrid-connection/authorization-rule/README.md 
@@ -19,28 +19,61 @@ This module deploys a Hybrid Connection Authorization Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the authorization rule. | +| [`name`](#parameter-name) | string | The name of the authorization rule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `hybridConnectionName` | string | The name of the parent Relay Namespace Hybrid Connection. Required if the template is used in a standalone deployment. | -| `namespaceName` | string | The name of the parent Relay Namespace. Required if the template is used in a standalone deployment. | +| [`hybridConnectionName`](#parameter-hybridconnectionname) | string | The name of the parent Relay Namespace Hybrid Connection. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Relay Namespace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`rights`](#parameter-rights) | array | The rights associated with the rule. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hybridConnectionName` + +The name of the parent Relay Namespace Hybrid Connection. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the authorization rule. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent Relay Namespace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `rights` + +The rights associated with the rule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Listen, Manage, Send]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the authorization rule. | | `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. | diff --git a/modules/relay/namespace/hybrid-connection/authorization-rule/main.json b/modules/relay/namespace/hybrid-connection/authorization-rule/main.json index e9e3874815..7f723b5086 100644 --- a/modules/relay/namespace/hybrid-connection/authorization-rule/main.json +++ b/modules/relay/namespace/hybrid-connection/authorization-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9718423441307347496" + "version": "0.22.6.54827", + "templateHash": "2105813068659609285" }, "name": "Hybrid Connection Authorization Rules", "description": "This module deploys a Hybrid Connection Authorization Rule.", diff --git a/modules/relay/namespace/hybrid-connection/main.json b/modules/relay/namespace/hybrid-connection/main.json index 2a4a626c8c..0056c9f29a 100644 --- a/modules/relay/namespace/hybrid-connection/main.json +++ b/modules/relay/namespace/hybrid-connection/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5587843022604046042" + "version": "0.22.6.54827", + "templateHash": "8795172246215834185" }, "name": "Relay Namespace Hybrid Connections", "description": "This module deploys a Relay Namespace Hybrid Connection.", @@ -171,8 +171,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9718423441307347496" + "version": "0.22.6.54827", + "templateHash": "2105813068659609285" }, "name": "Hybrid Connection Authorization Rules", "description": "This module deploys a Hybrid Connection Authorization Rule.", @@ -304,8 +304,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5814555714153100571" + "version": "0.22.6.54827", + "templateHash": "9757505768958218088" } }, "parameters": { diff --git a/modules/relay/namespace/main.json b/modules/relay/namespace/main.json index 7d448f54f2..cc816b07e5 100644 --- a/modules/relay/namespace/main.json +++ b/modules/relay/namespace/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6784238447129641700" + "version": "0.22.6.54827", + "templateHash": "14563908102814128404" }, "name": "Relay Namespaces", "description": "This module deploys a Relay Namespace", @@ -290,8 +290,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17576060128370228409" + "version": "0.22.6.54827", + "templateHash": "8947023489504947393" }, "name": "Relay Namespace Authorization Rules", "description": "This module deploys a Relay Namespace Authorization Rule.", 
@@ -412,8 +412,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12482510131982064246" + "version": "0.22.6.54827", + "templateHash": "4617716666405561945" }, "name": "Relay Namespace Network Rules Sets", "description": "This module deploys a Relay Namespace Network Rule Set.", @@ -555,8 +555,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10449982661635472758" + "version": "0.22.6.54827", + "templateHash": "8795172246215834185" }, "name": "Relay Namespace Hybrid Connections", "description": "This module deploys a Relay Namespace Hybrid Connection.", @@ -722,8 +722,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15090003948629562677" + "version": "0.22.6.54827", + "templateHash": "2105813068659609285" }, "name": "Hybrid Connection Authorization Rules", "description": "This module deploys a Hybrid Connection Authorization Rule.", @@ -855,8 +855,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8710257990438329269" + "version": "0.22.6.54827", + "templateHash": "9757505768958218088" } }, "parameters": { @@ -1040,8 +1040,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16399405169577171151" + "version": "0.22.6.54827", + "templateHash": "16339805298138761905" }, "name": "Relay Namespace WCF Relays", "description": "This module deploys a Relay Namespace WCF Relay.", @@ -1227,8 +1227,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1819166015438260663" + "version": "0.22.6.54827", + "templateHash": "9905508445063497603" }, "name": "WCF Relay Authorization Rules", "description": "This module deploys a WCF Relay Authorization Rule.", 
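Review bot: the `_generator` blocks replaced in the modules/relay/namespace/main.json hunks above show that the committed templates had been compiled with different Bicep releases. The standalone hybrid-connection/main.json carried `"version": "0.20.4.51522"` with `"templateHash": "5587843022604046042"`, while the copy of the same module nested in namespace/main.json (hunk `@@ -555,8 +555,8 @@`) carried `0.21.1.54444` with `10449982661635472758`. Only after this regeneration do both read `8795172246215834185`. Suggest pinning the Bicep CLI version that `Set-Module` compiles with, or having CI recompile each `main.bicep` and fail on a diff, so that a committed `main.json` can always be checked against its source and a hash mismatch means a real content change rather than compiler drift.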
@@ -1360,8 +1360,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5004576418567807599" + "version": "0.22.6.54827", + "templateHash": "3790701104073520156" } }, "parameters": { @@ -1554,8 +1554,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1754,8 +1754,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1892,8 +1892,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -2106,8 +2106,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15050721890066924646" + "version": "0.22.6.54827", + "templateHash": "7170472647175450772" } }, "parameters": { diff --git a/modules/relay/namespace/network-rule-set/README.md b/modules/relay/namespace/network-rule-set/README.md index dbca72dddb..999a9f0bd2 100644 --- a/modules/relay/namespace/network-rule-set/README.md +++ b/modules/relay/namespace/network-rule-set/README.md 
@@ -19,23 +19,59 @@ This module deploys a Relay Namespace Network Rule Set. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Relay Namespace for the Relay Network Rule Set. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Relay Namespace for the Relay Network Rule Set. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `defaultAction` | string | `'Allow'` | `[Allow, Deny]` | Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ipRules` | array | `[]` | | List of IpRules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | -| `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`defaultAction`](#parameter-defaultaction) | string | Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`ipRules`](#parameter-iprules) | array | List of IpRules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. | + +### Parameter: `defaultAction` + +Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. +- Required: No +- Type: string +- Default: `'Allow'` +- Allowed: `[Allow, Deny]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ipRules` + +List of IpRules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `namespaceName` + +The name of the parent Relay Namespace for the Relay Network Rule Set. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccess` + +This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the network rule set. | | `resourceGroupName` | string | The name of the resource group the network rule set was created in. | 
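Review bot: the added `### Parameter: namespaceName` section in modules/relay/namespace/network-rule-set/README.md states `Required: Yes`, although the table in the same hunk lists the parameter under **Conditional parameters** and its description says it is required only when the template is used in a standalone deployment. The two statements contradict each other for anyone consuming the module through its parent. Suggest having the generator emit a distinct value for conditional parameters (for example `Required: Conditional`, or `Required: No` with the condition repeated) instead of a flat `Yes`. The same pattern appears for `hybridConnectionName`, `namespaceName` and `wcfRelayName` in the other relay readmes touched by this patch.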
diff --git a/modules/relay/namespace/network-rule-set/main.json b/modules/relay/namespace/network-rule-set/main.json index 0a2577851e..d7742ddf49 100644 --- a/modules/relay/namespace/network-rule-set/main.json +++ b/modules/relay/namespace/network-rule-set/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "319020533136370885" + "version": "0.22.6.54827", + "templateHash": "4617716666405561945" }, "name": "Relay Namespace Network Rules Sets", "description": "This module deploys a Relay Namespace Network Rule Set.", diff --git a/modules/relay/namespace/wcf-relay/README.md b/modules/relay/namespace/wcf-relay/README.md index 3a4b841219..bb155573b1 100644 --- a/modules/relay/namespace/wcf-relay/README.md +++ b/modules/relay/namespace/wcf-relay/README.md @@ -4,12 +4,12 @@ This module deploys a Relay Namespace WCF Relay. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -22,33 +22,102 @@ This module deploys a Relay Namespace WCF Relay. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | Name of the WCF Relay. | -| `relayType` | string | `[Http, NetTcp]` | Type of WCF Relay. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the WCF Relay. | +| [`relayType`](#parameter-relaytype) | string | Type of WCF Relay. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Relay Namespace for the WCF Relay. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Relay Namespace for the WCF Relay. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the WCF Relay. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `requiresClientAuthorization` | bool | `True` | | A value indicating if this relay requires client authorization. | -| `requiresTransportSecurity` | bool | `True` | | A value indicating if this relay requires transport security. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `userMetadata` | string | `''` | | User-defined string data for the WCF Relay. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the WCF Relay. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`requiresClientAuthorization`](#parameter-requiresclientauthorization) | bool | A value indicating if this relay requires client authorization. | +| [`requiresTransportSecurity`](#parameter-requirestransportsecurity) | bool | A value indicating if this relay requires transport security. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`userMetadata`](#parameter-usermetadata) | string | User-defined string data for the WCF Relay. | + +### Parameter: `authorizationRules` + +Authorization Rules for the WCF Relay. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the WCF Relay. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent Relay Namespace for the WCF Relay. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `relayType` + +Type of WCF Relay. +- Required: Yes +- Type: string +- Allowed: `[Http, NetTcp]` + +### Parameter: `requiresClientAuthorization` + +A value indicating if this relay requires client authorization. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `requiresTransportSecurity` + +A value indicating if this relay requires transport security. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `userMetadata` + +User-defined string data for the WCF Relay. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed wcf relay. | | `resourceGroupName` | string | The resource group of the deployed wcf relay. | diff --git a/modules/relay/namespace/wcf-relay/authorization-rule/README.md b/modules/relay/namespace/wcf-relay/authorization-rule/README.md index bbdd6020cd..4fbcc69f86 100644 --- a/modules/relay/namespace/wcf-relay/authorization-rule/README.md 
+++ b/modules/relay/namespace/wcf-relay/authorization-rule/README.md 
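Review bot: in the `@@ -22,33 +22,102 @@` hunk of modules/relay/namespace/wcf-relay/README.md, the `Default:` line under `### Parameter: authorizationRules` is `[System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable]`. That is the PowerShell type name of each array element, not the default value, so the readme does not tell the reader which three authorization rules, and with which rights, the module creates when the parameter is omitted. The old table had the same output, but the new per-parameter section is the place a reader will look for it. Suggest serializing object and array defaults in the generator (for example as a JSON snippet) before writing the `Default:` line.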
@@ -19,28 +19,61 @@ This module deploys a WCF Relay Authorization Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the authorization rule. | +| [`name`](#parameter-name) | string | The name of the authorization rule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Relay Namespace. Required if the template is used in a standalone deployment. | -| `wcfRelayName` | string | The name of the parent Relay Namespace WCF Relay. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Relay Namespace. Required if the template is used in a standalone deployment. | +| [`wcfRelayName`](#parameter-wcfrelayname) | string | The name of the parent Relay Namespace WCF Relay. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`rights`](#parameter-rights) | array | The rights associated with the rule. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the authorization rule. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent Relay Namespace. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `rights` + +The rights associated with the rule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Listen, Manage, Send]` + +### Parameter: `wcfRelayName` + +The name of the parent Relay Namespace WCF Relay. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the authorization rule. | | `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. | diff --git a/modules/relay/namespace/wcf-relay/authorization-rule/main.json b/modules/relay/namespace/wcf-relay/authorization-rule/main.json index 17285b2410..2ab62ecde8 100644 --- a/modules/relay/namespace/wcf-relay/authorization-rule/main.json +++ b/modules/relay/namespace/wcf-relay/authorization-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13141425566828642958" + "version": "0.22.6.54827", + "templateHash": "9905508445063497603" }, "name": "WCF Relay Authorization Rules", "description": "This module deploys a WCF Relay Authorization Rule.", diff --git a/modules/relay/namespace/wcf-relay/main.json b/modules/relay/namespace/wcf-relay/main.json index 309e400e0b..4ad90c10ee 100644 --- a/modules/relay/namespace/wcf-relay/main.json +++ b/modules/relay/namespace/wcf-relay/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18205555090536788516" + "version": "0.22.6.54827", + "templateHash": "16339805298138761905" }, "name": "Relay Namespace WCF Relays", "description": "This module deploys a Relay Namespace WCF Relay.", 
@@ -191,8 +191,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13141425566828642958" + "version": "0.22.6.54827", + "templateHash": "9905508445063497603" }, "name": "WCF Relay Authorization Rules", "description": "This module deploys a WCF Relay Authorization Rule.", @@ -324,8 +324,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8507868775083821058" + "version": "0.22.6.54827", + "templateHash": "3790701104073520156" } }, "parameters": { diff --git a/modules/resource-graph/query/.test/common/main.test.bicep b/modules/resource-graph/query/.test/common/main.test.bicep index 3c64dc9dba..77af84a74d 100644 --- a/modules/resource-graph/query/.test/common/main.test.bicep +++ b/modules/resource-graph/query/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/resource-graph/query/.test/min/main.test.bicep b/modules/resource-graph/query/.test/min/main.test.bicep index 9a81477569..f03ce1a8a9 100644 --- a/modules/resource-graph/query/.test/min/main.test.bicep +++ b/modules/resource-graph/query/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/resource-graph/query/README.md b/modules/resource-graph/query/README.md index 9cec40305f..5d725b3c03 100644 --- a/modules/resource-graph/query/README.md +++ b/modules/resource-graph/query/README.md 
@@ -4,13 +4,13 @@ This module deploys a Resource Graph Query. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -18,55 +18,28 @@ This module deploys a Resource Graph Query. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.ResourceGraph/queries` | [2018-09-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ResourceGraph/2018-09-01-preview/queries) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Resource Graph Query. | -| `query` | string | KQL query that will be graph. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `queryDescription` | string | `''` | | The description of a graph query. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. 
| -| `name` | string | The name of the query. | -| `resourceGroupName` | string | The resource group the query was deployed into. | -| `resourceId` | string | The resource ID of the query. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/resource-graph.query:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module query './resource-graph/query/main.bicep' = { +module query 'br:bicep/modules/resource-graph.query:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-rgqcom' params: { // Required parameters @@ -148,14 +121,17 @@ module query './resource-graph/query/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module query './resource-graph/query/main.bicep' = { +module query 'br:bicep/modules/resource-graph.query:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-rgqmin' params: { // Required parameters @@ -196,3 +172,93 @@ module query './resource-graph/query/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Resource Graph Query. | +| [`query`](#parameter-query) | string | KQL query that will be graph. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`queryDescription`](#parameter-querydescription) | string | The description of a graph query. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Resource Graph Query. +- Required: Yes +- Type: string + +### Parameter: `query` + +KQL query that will be graph. +- Required: Yes +- Type: string + +### Parameter: `queryDescription` + +The description of a graph query. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the query. | +| `resourceGroupName` | string | The resource group the query was deployed into. | +| `resourceId` | string | The resource ID of the query. | + +## Cross-referenced modules + +_None_ diff --git a/modules/resource-graph/query/main.json b/modules/resource-graph/query/main.json index 301af9810f..637ac21f0a 100644 --- a/modules/resource-graph/query/main.json +++ b/modules/resource-graph/query/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15324622694106945222" + "version": "0.22.6.54827", + "templateHash": "5318766686585928680" }, "name": "Resource Graph Queries", "description": "This module deploys a Resource Graph Query.", @@ -146,8 +146,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5203431571109680712" + "version": "0.22.6.54827", + "templateHash": "11432335123187448929" } }, "parameters": { diff --git a/modules/resources/deployment-script/README.md b/modules/resources/deployment-script/README.md index 98aca51078..16d4b28844 100644 --- a/modules/resources/deployment-script/README.md +++ b/modules/resources/deployment-script/README.md 
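Review bot: in the modules/resource-graph/query/README.md hunks above (`@@ -18,55 +18,28 @@` and `@@ -148,14 +121,17 @@`), both examples now reference the module as `br:bicep/modules/resource-graph.query:1.0.0` instead of the relative path `./resource-graph/query/main.bicep`, and the added note tells readers to "use the following syntax". Neither hunk says which registry `bicep` stands for or where the `1.0.0` tag comes from, so a reader who copies the example cannot tell whether it restores a real, published artifact or is a placeholder. Suggest stating in the note that the registry and version are placeholders to be replaced with the consumer's own registry and a published tag, or generating the reference from the actual published module version.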
@@ -4,87 +4,38 @@ This module deploys a Deployment Script. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Resources/deploymentScripts` | [2020-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Resources/2020-10-01/deploymentScripts) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Display name of the script to be run. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `arguments` | string | `''` | | Command-line arguments to pass to the script. Arguments are separated by spaces. | -| `azCliVersion` | string | `''` | | Azure CLI module version to be used. | -| `azPowerShellVersion` | string | `'3.0'` | | Azure PowerShell module version to be used. | -| `cleanupPreference` | string | `'Always'` | `[Always, OnExpiration, OnSuccess]` | The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled). | -| `containerGroupName` | string | `''` | | Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. 
Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `environmentVariables` | secureObject | `{object}` | | The environment variables to pass over to the script. The list is passed as an object with a key name "secureList" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object. | -| `kind` | string | `'AzurePowerShell'` | `[AzureCLI, AzurePowerShell]` | Type of the script. AzurePowerShell, AzureCLI. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `primaryScriptUri` | string | `''` | | Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead. | -| `retentionInterval` | string | `'P1D'` | | Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week). | -| `runOnce` | bool | `False` | | When set to false, script will run every time the template is deployed. When set to true, the script will only run once. | -| `scriptContent` | string | `''` | | Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead. | -| `storageAccountResourceId` | string | `''` | | The resource ID of the storage account to use for this deployment script. 
If none is provided, the deployment script uses a temporary, managed storage account. | -| `supportingScriptUris` | array | `[]` | | List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent). | -| `tags` | object | `{object}` | | Tags of the resource. | -| `timeout` | string | `'PT1H'` | | Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - -**Generated parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('yyyy-MM-dd-HH-mm-ss')]` | Do not provide a value! This date value is used to make sure the script run every time the template is deployed. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployment script. | -| `outputs` | object | The output of the deployment script. | -| `resourceGroupName` | string | The resource group the deployment script was deployed into. | -| `resourceId` | string | The resource ID of the deployment script. | - -## Cross-referenced modules - -_None_ +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Deployment examples +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+>**Note**: To reference the module, please use the following syntax `br:bicep/modules/resources.deployment-script:1.0.0`. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +- [Cli](#example-1-cli) +- [Ps](#example-2-ps) -

Example 1: Cli

+### Example 1: _Cli_
via Bicep module ```bicep -module deploymentScript './resources/deployment-script/main.bicep' = { +module deploymentScript 'br:bicep/modules/resources.deployment-script:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-rdscli' params: { // Required parameters @@ -200,14 +151,14 @@ module deploymentScript './resources/deployment-script/main.bicep' = {

-

Example 2: Ps

+### Example 2: _Ps_
via Bicep module ```bicep -module deploymentScript './resources/deployment-script/main.bicep' = { +module deploymentScript 'br:bicep/modules/resources.deployment-script:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-rdsps' params: { // Required parameters @@ -300,3 +251,206 @@ module deploymentScript './resources/deployment-script/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Display name of the script to be run. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`arguments`](#parameter-arguments) | string | Command-line arguments to pass to the script. Arguments are separated by spaces. | +| [`azCliVersion`](#parameter-azcliversion) | string | Azure CLI module version to be used. | +| [`azPowerShellVersion`](#parameter-azpowershellversion) | string | Azure PowerShell module version to be used. | +| [`cleanupPreference`](#parameter-cleanuppreference) | string | The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled). | +| [`containerGroupName`](#parameter-containergroupname) | string | Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`environmentVariables`](#parameter-environmentvariables) | secureObject | The environment variables to pass over to the script. 
The list is passed as an object with a key name "secureList" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object. | +| [`kind`](#parameter-kind) | string | Type of the script. AzurePowerShell, AzureCLI. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`primaryScriptUri`](#parameter-primaryscripturi) | string | Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead. | +| [`retentionInterval`](#parameter-retentioninterval) | string | Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week). | +| [`runOnce`](#parameter-runonce) | bool | When set to false, script will run every time the template is deployed. When set to true, the script will only run once. | +| [`scriptContent`](#parameter-scriptcontent) | string | Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead. | +| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | The resource ID of the storage account to use for this deployment script. If none is provided, the deployment script uses a temporary, managed storage account. | +| [`supportingScriptUris`](#parameter-supportingscripturis) | array | List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent). | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`timeout`](#parameter-timeout) | string | Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year. 
| +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +**Generated parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to make sure the script run every time the template is deployed. | + +### Parameter: `arguments` + +Command-line arguments to pass to the script. Arguments are separated by spaces. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `azCliVersion` + +Azure CLI module version to be used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `azPowerShellVersion` + +Azure PowerShell module version to be used. +- Required: No +- Type: string +- Default: `'3.0'` + +### Parameter: `baseTime` + +Do not provide a value! This date value is used to make sure the script run every time the template is deployed. +- Required: No +- Type: string +- Default: `[utcNow('yyyy-MM-dd-HH-mm-ss')]` + +### Parameter: `cleanupPreference` + +The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled). +- Required: No +- Type: string +- Default: `'Always'` +- Allowed: `[Always, OnExpiration, OnSuccess]` + +### Parameter: `containerGroupName` + +Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 
'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `environmentVariables` + +The environment variables to pass over to the script. The list is passed as an object with a key name "secureList" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `kind` + +Type of the script. AzurePowerShell, AzureCLI. +- Required: No +- Type: string +- Default: `'AzurePowerShell'` +- Allowed: `[AzureCLI, AzurePowerShell]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Display name of the script to be run. +- Required: Yes +- Type: string + +### Parameter: `primaryScriptUri` + +Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `retentionInterval` + +Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week). +- Required: No +- Type: string +- Default: `'P1D'` + +### Parameter: `runOnce` + +When set to false, script will run every time the template is deployed. 
When set to true, the script will only run once. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `scriptContent` + +Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageAccountResourceId` + +The resource ID of the storage account to use for this deployment script. If none is provided, the deployment script uses a temporary, managed storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `supportingScriptUris` + +List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `timeout` + +Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year. +- Required: No +- Type: string +- Default: `'PT1H'` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployment script. | +| `outputs` | object | The output of the deployment script. | +| `resourceGroupName` | string | The resource group the deployment script was deployed into. | +| `resourceId` | string | The resource ID of the deployment script. | + +## Cross-referenced modules + +_None_ diff --git a/modules/resources/deployment-script/main.json b/modules/resources/deployment-script/main.json index 0a7d0d9090..2f4d4f4a0d 100644 --- a/modules/resources/deployment-script/main.json +++ b/modules/resources/deployment-script/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8110228844611454639" + "version": "0.22.6.54827", + "templateHash": "13171333688007785690" }, "name": "Deployment Scripts", "description": "This module deploys a Deployment Script.", diff --git a/modules/resources/resource-group/.test/common/main.test.bicep b/modules/resources/resource-group/.test/common/main.test.bicep index 7cbc7f6c16..0090211eb1 100644 --- a/modules/resources/resource-group/.test/common/main.test.bicep +++ b/modules/resources/resource-group/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/resources/resource-group/.test/min/main.test.bicep b/modules/resources/resource-group/.test/min/main.test.bicep index dc9625823a..04d75955c0 100644 --- a/modules/resources/resource-group/.test/min/main.test.bicep +++ b/modules/resources/resource-group/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/resources/resource-group/README.md b/modules/resources/resource-group/README.md index 4c341910e3..e57cc52c30 100644 --- a/modules/resources/resource-group/README.md +++ b/modules/resources/resource-group/README.md 
@@ -4,13 +4,13 @@ This module deploys a Resource Group. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -18,57 +18,28 @@ This module deploys a Resource Group. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Resources/resourceGroups` | [2021-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Resources/2021-04-01/resourceGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Resource Group. | - -**Optional parameters** +## Usage examples -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location of the Resource Group. It uses the deployment's location when not provided. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managedBy` | string | `''` | | The ID of the resource that manages this resource group. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the storage account resource. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
-## Outputs +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/resources.resource-group:1.0.0`. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the resource group. | -| `resourceId` | string | The resource ID of the resource group. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -## Cross-referenced modules +### Example 1: _Using large parameter set_ -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +This instance deploys the module with most of its features enabled. -| Reference | Type | -| :-- | :-- | -| `authorization/lock/resource-group` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module resourceGroup './resources/resource-group/main.bicep' = { +module resourceGroup 'br:bicep/modules/resources.resource-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-rrgcom' params: { // Required parameters @@ -142,14 +113,17 @@ module resourceGroup './resources/resource-group/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module resourceGroup './resources/resource-group/main.bicep' = { +module resourceGroup 'br:bicep/modules/resources.resource-group:1.0.0' = { name: '${uniqueString(deployment().name)}-test-rrgmin' params: { // Required parameters @@ -186,3 +160,89 @@ module resourceGroup './resources/resource-group/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Resource Group. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location of the Resource Group. It uses the deployment's location when not provided. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managedBy`](#parameter-managedby) | string | The ID of the resource that manages this resource group. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the storage account resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location of the Resource Group. It uses the deployment's location when not provided. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managedBy` + +The ID of the resource that manages this resource group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the Resource Group. 
+- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the storage account resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the resource group. | +| `resourceId` | string | The resource ID of the resource group. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/authorization/lock/resource-group` | Local reference | diff --git a/modules/resources/resource-group/main.json b/modules/resources/resource-group/main.json index 2e9a71ba0e..311d143451 100644 --- a/modules/resources/resource-group/main.json +++ b/modules/resources/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3729995632350323768" + "version": "0.22.6.54827", + "templateHash": "698589074683460032" }, "name": "Resource Groups", "description": "This module deploys a Resource Group.", 
@@ -116,8 +116,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10420976827552614779" + "version": "0.22.6.54827", + "templateHash": "8961143332409950444" }, "name": "Authorization Locks (Resource Group scope)", "description": "This module deploys an Authorization Lock at a Resource Group scope.", @@ -249,8 +249,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1146156557420886689" + "version": "0.22.6.54827", + "templateHash": "9238529270860750175" } }, "parameters": { diff --git a/modules/resources/tags/.test/min/main.test.bicep b/modules/resources/tags/.test/min/main.test.bicep index bd4d81cfe3..4afd22e26f 100644 --- a/modules/resources/tags/.test/min/main.test.bicep +++ b/modules/resources/tags/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/resources/tags/README.md b/modules/resources/tags/README.md index 8c84394fa8..9135bfb176 100644 --- a/modules/resources/tags/README.md +++ b/modules/resources/tags/README.md @@ -5,10 +5,10 @@ This module deploys a Resource Tag at a Subscription or Resource Group scope. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -16,47 +16,29 @@ This module deploys a Resource Tag at a Subscription or Resource Group scope. | :-- | :-- | | `Microsoft.Resources/tags` | [2021-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Resources/2021-04-01/tags) | -## Parameters - -**Optional parameters** +## Usage examples -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `onlyUpdate` | bool | `False` | Instead of overwriting the existing tags, combine them with the new tags. | -| `resourceGroupName` | string | `''` | Name of the Resource Group to assign the tags to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. | -| `subscriptionId` | string | `[subscription().id]` | Subscription ID of the subscription to assign the tags to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. | -| `tags` | object | `{object}` | Tags for the resource group. If not provided, removes existing tags. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the tags resource. | -| `resourceId` | string | The resource ID of the applied tags. | -| `tags` | object | The applied tags. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
-_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/resources.tags:1.0.0`. -## Deployment examples +- [Using only defaults](#example-1-using-only-defaults) +- [Rg](#example-2-rg) +- [Sub](#example-3-sub) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using only defaults_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with the minimum set of required parameters. -

Example 1: Min

via Bicep module ```bicep -module tags './resources/tags/main.bicep' = { +module tags 'br:bicep/modules/resources.tags:1.0.0' = { name: '${uniqueString(deployment().name)}-test-rtmin' params: { enableDefaultTelemetry: '' @@ -86,14 +68,14 @@ module tags './resources/tags/main.bicep' = {

-

Example 2: Rg

+### Example 2: _Rg_
via Bicep module ```bicep -module tags './resources/tags/main.bicep' = { +module tags 'br:bicep/modules/resources.tags:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-rtrg' params: { enableDefaultTelemetry: '' @@ -143,14 +125,14 @@ module tags './resources/tags/main.bicep' = {

-

Example 3: Sub

+### Example 3: _Sub_
via Bicep module ```bicep -module tags './resources/tags/main.bicep' = { +module tags 'br:bicep/modules/resources.tags:1.0.0' = { name: '${uniqueString(deployment().name)}-test-rtsub' params: { enableDefaultTelemetry: '' @@ -195,3 +177,72 @@ module tags './resources/tags/main.bicep' = {

+ + +## Parameters + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`onlyUpdate`](#parameter-onlyupdate) | bool | Instead of overwriting the existing tags, combine them with the new tags. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the tags to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. | +| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the tags to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. | +| [`tags`](#parameter-tags) | object | Tags for the resource group. If not provided, removes existing tags. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `onlyUpdate` + +Instead of overwriting the existing tags, combine them with the new tags. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `resourceGroupName` + +Name of the Resource Group to assign the tags to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionId` + +Subscription ID of the subscription to assign the tags to. 
If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. +- Required: No +- Type: string +- Default: `[subscription().id]` + +### Parameter: `tags` + +Tags for the resource group. If not provided, removes existing tags. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the tags resource. | +| `resourceId` | string | The resource ID of the applied tags. | +| `tags` | object | The applied tags. | + +## Cross-referenced modules + +_None_ diff --git a/modules/resources/tags/main.json b/modules/resources/tags/main.json index 4458dbbe53..85a73c4674 100644 --- a/modules/resources/tags/main.json +++ b/modules/resources/tags/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15623552838363512630" + "version": "0.22.6.54827", + "templateHash": "17959459334247355830" }, "name": "Resources Tags", "description": "This module deploys a Resource Tag at a Subscription or Resource Group scope.", @@ -105,8 +105,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "791889452516757013" + "version": "0.22.6.54827", + "templateHash": "17975356792950377604" }, "name": "Resources Tags Subscription Scope", "description": "This module deploys a Resource Tag on a Subscription scope.", @@ -186,8 +186,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9008008606560089334" + "version": "0.22.6.54827", + "templateHash": "18269006446765776342" } }, "parameters": { 
@@ -267,8 +267,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11114375852398740809" + "version": "0.22.6.54827", + "templateHash": "8701740381622545052" }, "name": "Resources Tags Resource Group", "description": "This module deploys a Resource Tag on a Resource Group scope.", @@ -339,8 +339,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4678848348426348914" + "version": "0.22.6.54827", + "templateHash": "8737749583083645128" } }, "parameters": { diff --git a/modules/resources/tags/resource-group/README.md b/modules/resources/tags/resource-group/README.md index b01512e657..678fc74561 100644 --- a/modules/resources/tags/resource-group/README.md +++ b/modules/resources/tags/resource-group/README.md 
@@ -19,16 +19,37 @@ This module deploys a Resource Tag on a Resource Group scope. **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `onlyUpdate` | bool | `False` | Instead of overwriting the existing tags, combine them with the new tags. | -| `tags` | object | `{object}` | Tags for the resource group. If not provided, removes existing tags. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`onlyUpdate`](#parameter-onlyupdate) | bool | Instead of overwriting the existing tags, combine them with the new tags. | +| [`tags`](#parameter-tags) | object | Tags for the resource group. If not provided, removes existing tags. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `onlyUpdate` + +Instead of overwriting the existing tags, combine them with the new tags. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags for the resource group. If not provided, removes existing tags. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the tags resource. | | `resourceGroupName` | string | The name of the resource group the tags were applied to. | diff --git a/modules/resources/tags/resource-group/main.json b/modules/resources/tags/resource-group/main.json index fabaa09756..8e1a7b8b39 100644 --- a/modules/resources/tags/resource-group/main.json +++ b/modules/resources/tags/resource-group/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4275347865908810280" + "version": "0.22.6.54827", + "templateHash": "8701740381622545052" }, "name": "Resources Tags Resource Group", "description": "This module deploys a Resource Tag on a Resource Group scope.", @@ -76,8 +76,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5447313974004996573" + "version": "0.22.6.54827", + "templateHash": "8737749583083645128" } }, "parameters": { diff --git a/modules/resources/tags/subscription/README.md b/modules/resources/tags/subscription/README.md index 384fb2c7e9..48c7d355a0 100644 --- a/modules/resources/tags/subscription/README.md +++ b/modules/resources/tags/subscription/README.md 
@@ -19,17 +19,45 @@ This module deploys a Resource Tag on a Subscription scope. **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `onlyUpdate` | bool | `False` | Instead of overwriting the existing tags, combine them with the new tags. | -| `tags` | object | `{object}` | Tags for the resource group. If not provided, removes existing tags. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`onlyUpdate`](#parameter-onlyupdate) | bool | Instead of overwriting the existing tags, combine them with the new tags. | +| [`tags`](#parameter-tags) | object | Tags for the resource group. If not provided, removes existing tags. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `onlyUpdate` + +Instead of overwriting the existing tags, combine them with the new tags. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags for the resource group. If not provided, removes existing tags. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the tags resource. | | `resourceId` | string | The resource ID of the applied tags. | 
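Review bot: the new `### Parameter: tags` section in modules/resources/tags/subscription/README.md still says "Tags for the resource group", although this module "deploys a Resource Tag on a Subscription scope". The readme is generated, so the wording should be corrected in the parameter description of the module template and the file regenerated. The same hunk documents `onlyUpdate` with Default `False` and `tags` as "If not provided, removes existing tags", which means a deployment that relies on the defaults clears the tags on the subscription. That deserves an explicit sentence in the description, and `Default: {object}` does not tell the reader what the default value actually is.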
diff --git a/modules/resources/tags/subscription/main.json b/modules/resources/tags/subscription/main.json index 615fd9ce66..467d62828b 100644 --- a/modules/resources/tags/subscription/main.json +++ b/modules/resources/tags/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17445460813956994133" + "version": "0.22.6.54827", + "templateHash": "17975356792950377604" }, "name": "Resources Tags Subscription Scope", "description": "This module deploys a Resource Tag on a Subscription scope.", @@ -85,8 +85,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "373680921396677494" + "version": "0.22.6.54827", + "templateHash": "18269006446765776342" } }, "parameters": { diff --git a/modules/search/search-service/.test/common/main.test.bicep b/modules/search/search-service/.test/common/main.test.bicep index a57241f341..299cc6438a 100644 --- a/modules/search/search-service/.test/common/main.test.bicep +++ b/modules/search/search-service/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/search/search-service/.test/min/main.test.bicep b/modules/search/search-service/.test/min/main.test.bicep index 6a2b1474fb..4f66e7b2e4 100644 --- a/modules/search/search-service/.test/min/main.test.bicep +++ b/modules/search/search-service/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/search/search-service/README.md b/modules/search/search-service/README.md index ab526edefb..3cc54ce756 100644 
--- a/modules/search/search-service/README.md +++ b/modules/search/search-service/README.md @@ -5,10 +5,10 @@ This module deploys a Search Service. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
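Review bot: the added navigation entry `[Usage examples](#Usage-examples)` uses a capitalised fragment, while the other links generated by this same change are lowercase (`#parameter-location`, `#example-1-using-large-parameter-set`). Suggest having the generator emit lowercase fragments for the navigation list as well (`#usage-examples`, `#parameters`, `#outputs`, `#cross-referenced-modules`), so all in-page links follow one convention and still resolve in renderers that match heading ids case-sensitively.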
@@ -22,76 +22,29 @@ This module deploys a Search Service. | `Microsoft.Search/searchServices` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Search/2022-09-01/searchServices) | | `Microsoft.Search/searchServices/sharedPrivateLinkResources` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Search/2022-09-01/searchServices/sharedPrivateLinkResources) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Azure Cognitive Search service to create or update. Search service names must only contain lowercase letters, digits or dashes, cannot use dash as the first two or last one characters, cannot contain consecutive dashes, and must be between 2 and 60 characters in length. Search service names must be globally unique since they are part of the service URI (https://.search.windows.net). You cannot change the service name after the service is created. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authOptions` | object | `{object}` | | Defines the options for how the data plane API of a Search service authenticates requests. Must remain an empty object {} if 'disableLocalAuth' is set to true. | -| `cmkEnforcement` | string | `'Unspecified'` | `[Disabled, Enabled, Unspecified]` | Describes a policy that determines how resources within the search service are to be encrypted with Customer Managed Keys. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[OperationLogs]` | `[OperationLogs]` | The name of logs that will be streamed. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `disableLocalAuth` | bool | `True` | | When set to true, calls to the search service will not be permitted to utilize API keys for authentication. This cannot be set to true if 'authOptions' are defined. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `hostingMode` | string | `'default'` | `[default, highDensity]` | Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. 
| -| `networkRuleSet` | object | `{object}` | | Network specific rules that determine how the Azure Cognitive Search service may be reached. | -| `partitionCount` | int | `1` | | The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `'enabled'` | `[disabled, enabled]` | This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. | -| `replicaCount` | int | `1` | | The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sharedPrivateLinkResources` | array | `[]` | | The sharedPrivateLinkResources to create as part of the search Service. | -| `sku` | string | `'standard'` | `[basic, free, standard, standard2, standard3, storage_optimized_l1, storage_optimized_l2]` | Defines the SKU of an Azure Cognitive Search Service, which determines price tier and capacity limits. 
| -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags to help categorize the resource in the Azure portal. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the search service. | -| `resourceGroupName` | string | The name of the resource group the search service was created in. | -| `resourceId` | string | The resource ID of the search service. | +## Usage examples -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/search.search-service:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +- [Pe](#example-3-pe) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
+This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module searchService './search/search-service/main.bicep' = { +module searchService 'br:bicep/modules/search.search-service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ssscom' params: { // Required parameters @@ -257,14 +210,17 @@ module searchService './search/search-service/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module searchService './search/search-service/main.bicep' = { +module searchService 'br:bicep/modules/search.search-service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sssmin' params: { // Required parameters @@ -302,14 +258,14 @@ module searchService './search/search-service/main.bicep' = {

-

Example 3: Pe

+### Example 3: _Pe_
via Bicep module ```bicep -module searchService './search/search-service/main.bicep' = { +module searchService 'br:bicep/modules/search.search-service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ssspe' params: { // Required parameters @@ -432,3 +388,240 @@ module searchService './search/search-service/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Azure Cognitive Search service to create or update. Search service names must only contain lowercase letters, digits or dashes, cannot use dash as the first two or last one characters, cannot contain consecutive dashes, and must be between 2 and 60 characters in length. Search service names must be globally unique since they are part of the service URI (https://.search.windows.net). You cannot change the service name after the service is created. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authOptions`](#parameter-authoptions) | object | Defines the options for how the data plane API of a Search service authenticates requests. Must remain an empty object {} if 'disableLocalAuth' is set to true. | +| [`cmkEnforcement`](#parameter-cmkenforcement) | string | Describes a policy that determines how resources within the search service are to be encrypted with Customer Managed Keys. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. 
| +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | When set to true, calls to the search service will not be permitted to utilize API keys for authentication. This cannot be set to true if 'authOptions' are defined. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`hostingMode`](#parameter-hostingmode) | string | Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`networkRuleSet`](#parameter-networkruleset) | object | Network specific rules that determine how the Azure Cognitive Search service may be reached. | +| [`partitionCount`](#parameter-partitioncount) | int | The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. 
For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. | +| [`replicaCount`](#parameter-replicacount) | int | The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sharedPrivateLinkResources`](#parameter-sharedprivatelinkresources) | array | The sharedPrivateLinkResources to create as part of the search Service. | +| [`sku`](#parameter-sku) | string | Defines the SKU of an Azure Cognitive Search Service, which determines price tier and capacity limits. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags to help categorize the resource in the Azure portal. | + +### Parameter: `authOptions` + +Defines the options for how the data plane API of a Search service authenticates requests. 
Must remain an empty object {} if 'disableLocalAuth' is set to true. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `cmkEnforcement` + +Describes a policy that determines how resources within the search service are to be encrypted with Customer Managed Keys. +- Required: No +- Type: string +- Default: `'Unspecified'` +- Allowed: `[Disabled, Enabled, Unspecified]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. +- Required: No +- Type: array +- Default: `[OperationLogs]` +- Allowed: `[OperationLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +When set to true, calls to the search service will not be permitted to utilize API keys for authentication. This cannot be set to true if 'authOptions' are defined. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hostingMode` + +Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'. +- Required: No +- Type: string +- Default: `'default'` +- Allowed: `[default, highDensity]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Azure Cognitive Search service to create or update. Search service names must only contain lowercase letters, digits or dashes, cannot use dash as the first two or last one characters, cannot contain consecutive dashes, and must be between 2 and 60 characters in length. Search service names must be globally unique since they are part of the service URI (https://.search.windows.net). You cannot change the service name after the service is created. 
+- Required: Yes +- Type: string + +### Parameter: `networkRuleSet` + +Network specific rules that determine how the Azure Cognitive Search service may be reached. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `partitionCount` + +The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. +- Required: No +- Type: string +- Default: `'enabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `replicaCount` + +The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sharedPrivateLinkResources` + +The sharedPrivateLinkResources to create as part of the search Service. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +Defines the SKU of an Azure Cognitive Search Service, which determines price tier and capacity limits. +- Required: No +- Type: string +- Default: `'standard'` +- Allowed: `[basic, free, standard, standard2, standard3, storage_optimized_l1, storage_optimized_l2]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags to help categorize the resource in the Azure portal. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the search service. | +| `resourceGroupName` | string | The name of the resource group the search service was created in. | +| `resourceId` | string | The resource ID of the search service. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/search/search-service/main.json b/modules/search/search-service/main.json index 395192b732..7a348d26c6 100644 --- a/modules/search/search-service/main.json +++ b/modules/search/search-service/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10072822591333511170" + "version": "0.22.6.54827", + "templateHash": "6550974299074570161" }, "name": "Search Services", "description": "This module deploys a Search Service.", 
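Review bot: in modules/search/search-service/README.md, the third usage example is generated as `### Example 3: _Pe_` with the list entry `[Pe](#example-3-pe)` and no descriptive sentence, because this patch adds `metadata name` and `metadata description` only to the common and min test files. Suggest adding both metadata lines to the test file behind Example 3 (for instance a name that spells out "private endpoint") and regenerating, so all three examples have a readable title and a description. Separately, the note and all three examples now reference `br:bicep/modules/search.search-service:1.0.0`, but the readme never says which registry `bicep` stands for or where version `1.0.0` comes from. A sentence explaining that this is a placeholder to replace with the consumer's own registry and published version would prevent copy-paste failures.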
@@ -356,8 +356,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11875440755487903509" + "version": "0.22.6.54827", + "templateHash": "18375388175912544361" } }, "parameters": { @@ -520,8 +520,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -720,8 +720,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -858,8 +858,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -1074,8 +1074,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11160181254796997108" + "version": "0.22.6.54827", + "templateHash": "13590696020139320386" }, "name": "Search Services Private Link Resources", "description": "This module deploys a Search Service Private Link Resource.", diff --git a/modules/search/search-service/shared-private-link-resource/README.md b/modules/search/search-service/shared-private-link-resource/README.md index 130c6c31ef..1edd330b70 100644 --- a/modules/search/search-service/shared-private-link-resource/README.md +++ b/modules/search/search-service/shared-private-link-resource/README.md 
@@ -19,30 +19,74 @@ This module deploys a Search Service Private Link Resource. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `groupId` | string | The group ID from the provider of resource the shared private link resource is for. | -| `name` | string | The name of the shared private link resource managed by the Azure Cognitive Search service within the specified resource group. | -| `privateLinkResourceId` | string | The resource ID of the resource the shared private link resource is for. | -| `requestMessage` | string | The request message for requesting approval of the shared private link resource. | +| [`groupId`](#parameter-groupid) | string | The group ID from the provider of resource the shared private link resource is for. | +| [`name`](#parameter-name) | string | The name of the shared private link resource managed by the Azure Cognitive Search service within the specified resource group. | +| [`privateLinkResourceId`](#parameter-privatelinkresourceid) | string | The resource ID of the resource the shared private link resource is for. | +| [`requestMessage`](#parameter-requestmessage) | string | The request message for requesting approval of the shared private link resource. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `searchServiceName` | string | The name of the parent searchServices. Required if the template is used in a standalone deployment. | +| [`searchServiceName`](#parameter-searchservicename) | string | The name of the parent searchServices. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). 
| -| `resourceRegion` | string | `''` | Can be used to specify the Azure Resource Manager location of the resource to which a shared private link is to be created. This is only required for those resources whose DNS configuration are regional (such as Azure Kubernetes Service). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`resourceRegion`](#parameter-resourceregion) | string | Can be used to specify the Azure Resource Manager location of the resource to which a shared private link is to be created. This is only required for those resources whose DNS configuration are regional (such as Azure Kubernetes Service). | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `groupId` + +The group ID from the provider of resource the shared private link resource is for. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the shared private link resource managed by the Azure Cognitive Search service within the specified resource group. +- Required: Yes +- Type: string + +### Parameter: `privateLinkResourceId` + +The resource ID of the resource the shared private link resource is for. +- Required: Yes +- Type: string + +### Parameter: `requestMessage` + +The request message for requesting approval of the shared private link resource. +- Required: Yes +- Type: string + +### Parameter: `resourceRegion` + +Can be used to specify the Azure Resource Manager location of the resource to which a shared private link is to be created. This is only required for those resources whose DNS configuration are regional (such as Azure Kubernetes Service). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `searchServiceName` + +The name of the parent searchServices. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the shared private link resource. | | `resourceGroupName` | string | The name of the resource group the shared private link resource was created in. | diff --git a/modules/search/search-service/shared-private-link-resource/main.json b/modules/search/search-service/shared-private-link-resource/main.json index 0c83833c1a..aa59a81fa9 100644 --- a/modules/search/search-service/shared-private-link-resource/main.json +++ b/modules/search/search-service/shared-private-link-resource/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13822392072513993341" + "version": "0.22.6.54827", + "templateHash": "13590696020139320386" }, "name": "Search Services Private Link Resources", "description": "This module deploys a Search Service Private Link Resource.", diff --git a/modules/security/azure-security-center/.test/common/main.test.bicep b/modules/security/azure-security-center/.test/common/main.test.bicep index 1ad4a24cdd..a1caae0519 100644 --- a/modules/security/azure-security-center/.test/common/main.test.bicep +++ b/modules/security/azure-security-center/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/security/azure-security-center/README.md b/modules/security/azure-security-center/README.md index 98bd54bdda..9c0167a1ef 100644 --- a/modules/security/azure-security-center/README.md +++ b/modules/security/azure-security-center/README.md 
@@ -4,13 +4,13 @@ This module deploys an Azure Security Center (Defender for Cloud) Configuration. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -21,66 +21,27 @@ This module deploys an Azure Security Center (Defender for Cloud) Configuration. | `Microsoft.Security/securityContacts` | [2017-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Security/2017-08-01-preview/securityContacts) | | `Microsoft.Security/workspaceSettings` | [2017-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Security/2017-08-01-preview/workspaceSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `scope` | string | All the VMs in this scope will send their security data to the mentioned workspace unless overridden by a setting with more specific scope. | -| `workspaceId` | string | The full Azure ID of the workspace to save the data in. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `appServicesPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for AppServices. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `armPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for ARM. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `autoProvision` | string | `'On'` | `[Off, On]` | Describes what kind of security agent provisioning action to take. - On or Off. | -| `containerRegistryPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for ContainerRegistry. 
Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `containersTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for containers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `cosmosDbsTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for CosmosDbs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `deviceSecurityGroupProperties` | object | `{object}` | | Device Security group data. | -| `dnsPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for DNS. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ioTSecuritySolutionProperties` | object | `{object}` | | Security Solution data. | -| `keyVaultsPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for KeyVaults. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. 
| -| `kubernetesServicePricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for KubernetesService. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `openSourceRelationalDatabasesTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for OpenSourceRelationalDatabases. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `securityContactProperties` | object | `{object}` | | Security contact data. | -| `sqlServersPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for SqlServers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `sqlServerVirtualMachinesPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for SqlServerVirtualMachines. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `storageAccountsPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for StorageAccounts. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. 
The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `virtualMachinesPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for VMs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the security center. | -| `workspaceId` | string | The resource ID of the used log analytics workspace. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/security.azure-security-center:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module azureSecurityCenter './security/azure-security-center/main.bicep' = { +module azureSecurityCenter 'br:bicep/modules/security.azure-security-center:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sasccom' params: { // Required parameters @@ -131,3 +92,208 @@ module azureSecurityCenter './security/azure-security-center/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`scope`](#parameter-scope) | string | All the VMs in this scope will send their security data to the mentioned workspace unless overridden by a setting with more specific scope. | +| [`workspaceId`](#parameter-workspaceid) | string | The full Azure ID of the workspace to save the data in. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appServicesPricingTier`](#parameter-appservicespricingtier) | string | The pricing tier value for AppServices. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | +| [`armPricingTier`](#parameter-armpricingtier) | string | The pricing tier value for ARM. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | +| [`autoProvision`](#parameter-autoprovision) | string | Describes what kind of security agent provisioning action to take. - On or Off. | +| [`containerRegistryPricingTier`](#parameter-containerregistrypricingtier) | string | The pricing tier value for ContainerRegistry. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | +| [`containersTier`](#parameter-containerstier) | string | The pricing tier value for containers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. 
The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | +| [`cosmosDbsTier`](#parameter-cosmosdbstier) | string | The pricing tier value for CosmosDbs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | +| [`deviceSecurityGroupProperties`](#parameter-devicesecuritygroupproperties) | object | Device Security group data. | +| [`dnsPricingTier`](#parameter-dnspricingtier) | string | The pricing tier value for DNS. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ioTSecuritySolutionProperties`](#parameter-iotsecuritysolutionproperties) | object | Security Solution data. | +| [`keyVaultsPricingTier`](#parameter-keyvaultspricingtier) | string | The pricing tier value for KeyVaults. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | +| [`kubernetesServicePricingTier`](#parameter-kubernetesservicepricingtier) | string | The pricing tier value for KubernetesService. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. 
| +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`openSourceRelationalDatabasesTier`](#parameter-opensourcerelationaldatabasestier) | string | The pricing tier value for OpenSourceRelationalDatabases. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | +| [`securityContactProperties`](#parameter-securitycontactproperties) | object | Security contact data. | +| [`sqlServersPricingTier`](#parameter-sqlserverspricingtier) | string | The pricing tier value for SqlServers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | +| [`sqlServerVirtualMachinesPricingTier`](#parameter-sqlservervirtualmachinespricingtier) | string | The pricing tier value for SqlServerVirtualMachines. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | +| [`storageAccountsPricingTier`](#parameter-storageaccountspricingtier) | string | The pricing tier value for StorageAccounts. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | +| [`virtualMachinesPricingTier`](#parameter-virtualmachinespricingtier) | string | The pricing tier value for VMs. 
Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | + +### Parameter: `appServicesPricingTier` + +The pricing tier value for AppServices. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `armPricingTier` + +The pricing tier value for ARM. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `autoProvision` + +Describes what kind of security agent provisioning action to take. - On or Off. +- Required: No +- Type: string +- Default: `'On'` +- Allowed: `[Off, On]` + +### Parameter: `containerRegistryPricingTier` + +The pricing tier value for ContainerRegistry. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `containersTier` + +The pricing tier value for containers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. 
The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `cosmosDbsTier` + +The pricing tier value for CosmosDbs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `deviceSecurityGroupProperties` + +Device Security group data. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `dnsPricingTier` + +The pricing tier value for DNS. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ioTSecuritySolutionProperties` + +Security Solution data. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `keyVaultsPricingTier` + +The pricing tier value for KeyVaults. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `kubernetesServicePricingTier` + +The pricing tier value for KubernetesService. 
Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `openSourceRelationalDatabasesTier` + +The pricing tier value for OpenSourceRelationalDatabases. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `scope` + +All the VMs in this scope will send their security data to the mentioned workspace unless overridden by a setting with more specific scope. +- Required: Yes +- Type: string + +### Parameter: `securityContactProperties` + +Security contact data. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `sqlServersPricingTier` + +The pricing tier value for SqlServers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `sqlServerVirtualMachinesPricingTier` + +The pricing tier value for SqlServerVirtualMachines. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. 
The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `storageAccountsPricingTier` + +The pricing tier value for StorageAccounts. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `virtualMachinesPricingTier` + +The pricing tier value for VMs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `workspaceId` + +The full Azure ID of the workspace to save the data in. +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the security center. | +| `workspaceId` | string | The resource ID of the used log analytics workspace. | + +## Cross-referenced modules + +_None_ diff --git a/modules/security/azure-security-center/main.json b/modules/security/azure-security-center/main.json index d9d382b69c..cf4fce1f0b 100644 --- a/modules/security/azure-security-center/main.json +++ b/modules/security/azure-security-center/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11416260825097629257" + "version": "0.22.6.54827", + "templateHash": "5337788890835022528" }, "name": "Azure Security Center (Defender for Cloud)", "description": "This module deploys an Azure Security Center (Defender for Cloud) Configuration.", @@ -364,8 +364,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13016057569340125747" + "version": "0.22.6.54827", + "templateHash": "15519935694361963633" } }, "parameters": { diff --git a/modules/service-bus/namespace/.test/common/main.test.bicep b/modules/service-bus/namespace/.test/common/main.test.bicep index e0ad9fc570..b7ffb57b2a 100644 --- a/modules/service-bus/namespace/.test/common/main.test.bicep +++ b/modules/service-bus/namespace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/service-bus/namespace/.test/min/main.test.bicep b/modules/service-bus/namespace/.test/min/main.test.bicep index 0656221b4e..81c5af272a 100644 --- a/modules/service-bus/namespace/.test/min/main.test.bicep +++ b/modules/service-bus/namespace/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/service-bus/namespace/README.md b/modules/service-bus/namespace/README.md index eb97303df4..67765a898b 100644 --- a/modules/service-bus/namespace/README.md +++ b/modules/service-bus/namespace/README.md 
@@ -4,13 +4,13 @@ This module deploys a Service Bus Namespace. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -29,92 +29,30 @@ This module deploys a Service Bus Namespace. | `Microsoft.ServiceBus/namespaces/topics` | [2022-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2022-10-01-preview/namespaces/topics) | | `Microsoft.ServiceBus/namespaces/topics/authorizationRules` | [2022-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2022-10-01-preview/namespaces/topics/authorizationRules) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Service Bus Namespace. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Conditional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/service-bus.namespace:1.0.0`. -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) +- [Pe](#example-4-pe) -**Optional parameters** +### Example 1: _Using large parameter set_ -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `alternateName` | string | `''` | | Alternate name for namespace. | -| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the Service Bus namespace. 
| -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. If not provided, encryption is automatically enabled with a Microsoft-managed key. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | | User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, OperationalLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableLocalAuth` | bool | `True` | | This property disables SAS authentication for the Service Bus namespace. | -| `disasterRecoveryConfigs` | object | `{object}` | | The disaster recovery configuration. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `migrationConfigurations` | object | `{object}` | | The migration configuration. | -| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | The minimum TLS version for the cluster to support. | -| `networkRuleSets` | object | `{object}` | | Configure networking options for Premium SKU Service Bus. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. | -| `premiumMessagingPartitions` | int | `1` | | The number of partitions of a Service Bus namespace. This property is only applicable to Premium SKU namespaces. The default value is 1 and possible values are 1, 2 and 4. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled, SecuredByPerimeter]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `queues` | array | `[]` | | The queues to create in the service bus namespace. | -| `requireInfrastructureEncryption` | bool | `True` | | Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuCapacity` | int | `1` | `[1, 2, 4, 8, 16, 32]` | The specified messaging units for the tier. Only used for Premium Sku tier. | -| `skuName` | string | `'Basic'` | `[Basic, Premium, Standard]` | Name of this SKU. - Basic, Standard, Premium. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `topics` | array | `[]` | | The topics to create in the service bus namespace. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `zoneRedundant` | bool | `False` | | Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones. | +This instance deploys the module with most of its features enabled. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed service bus namespace. | -| `resourceGroupName` | string | The resource group of the deployed service bus namespace. | -| `resourceId` | string | The resource ID of the deployed service bus namespace. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
- -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

-
via Bicep module ```bicep -module namespace './service-bus/namespace/main.bicep' = { +module namespace 'br:bicep/modules/service-bus.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sbncom' params: { // Required parameters @@ -488,14 +426,14 @@ module namespace './service-bus/namespace/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module namespace './service-bus/namespace/main.bicep' = { +module namespace 'br:bicep/modules/service-bus.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sbnencr' params: { // Required parameters @@ -671,14 +609,17 @@ module namespace './service-bus/namespace/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module namespace './service-bus/namespace/main.bicep' = { +module namespace 'br:bicep/modules/service-bus.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sbnmin' params: { // Required parameters @@ -716,14 +657,14 @@ module namespace './service-bus/namespace/main.bicep' = {

-

Example 4: Pe

+### Example 4: _Pe_
via Bicep module ```bicep -module namespace './service-bus/namespace/main.bicep' = { +module namespace 'br:bicep/modules/service-bus.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sbnpe' params: { // Required parameters @@ -814,3 +755,326 @@ module namespace './service-bus/namespace/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Service Bus Namespace. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`alternateName`](#parameter-alternatename) | string | Alternate name for namespace. | +| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the Service Bus namespace. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. If not provided, encryption is automatically enabled with a Microsoft-managed key. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | This property disables SAS authentication for the Service Bus namespace. | +| [`disasterRecoveryConfigs`](#parameter-disasterrecoveryconfigs) | object | The disaster recovery configuration. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`migrationConfigurations`](#parameter-migrationconfigurations) | object | The migration configuration. | +| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | The minimum TLS version for the cluster to support. | +| [`networkRuleSets`](#parameter-networkrulesets) | object | Configure networking options for Premium SKU Service Bus. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. | +| [`premiumMessagingPartitions`](#parameter-premiummessagingpartitions) | int | The number of partitions of a Service Bus namespace. 
This property is only applicable to Premium SKU namespaces. The default value is 1 and possible values are 1, 2 and 4. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`queues`](#parameter-queues) | array | The queues to create in the service bus namespace. | +| [`requireInfrastructureEncryption`](#parameter-requireinfrastructureencryption) | bool | Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuCapacity`](#parameter-skucapacity) | int | The specified messaging units for the tier. Only used for Premium Sku tier. | +| [`skuName`](#parameter-skuname) | string | Name of this SKU. - Basic, Standard, Premium. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`topics`](#parameter-topics) | array | The topics to create in the service bus namespace. 
| +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones. | + +### Parameter: `alternateName` + +Alternate name for namespace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `authorizationRules` + +Authorization Rules for the Service Bus namespace. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. If not provided, encryption is automatically enabled with a Microsoft-managed key. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, OperationalLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +This property disables SAS authentication for the Service Bus namespace. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `disasterRecoveryConfigs` + +The disaster recovery configuration. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `migrationConfigurations` + +The migration configuration. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `minimumTlsVersion` + +The minimum TLS version for the cluster to support. 
+- Required: No +- Type: string +- Default: `'1.2'` +- Allowed: `[1.0, 1.1, 1.2]` + +### Parameter: `name` + +Name of the Service Bus Namespace. +- Required: Yes +- Type: string + +### Parameter: `networkRuleSets` + +Configure networking options for Premium SKU Service Bus. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `premiumMessagingPartitions` + +The number of partitions of a Service Bus namespace. This property is only applicable to Premium SKU namespaces. The default value is 1 and possible values are 1, 2 and 4. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled, SecuredByPerimeter]` + +### Parameter: `queues` + +The queues to create in the service bus namespace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `requireInfrastructureEncryption` + +Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuCapacity` + +The specified messaging units for the tier. Only used for Premium Sku tier. +- Required: No +- Type: int +- Default: `1` +- Allowed: `[1, 2, 4, 8, 16, 32]` + +### Parameter: `skuName` + +Name of this SKU. - Basic, Standard, Premium. +- Required: No +- Type: string +- Default: `'Basic'` +- Allowed: `[Basic, Premium, Standard]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `topics` + +The topics to create in the service bus namespace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundant` + +Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed service bus namespace. | +| `resourceGroupName` | string | The resource group of the deployed service bus namespace. | +| `resourceId` | string | The resource ID of the deployed service bus namespace. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. 
| + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/service-bus/namespace/authorization-rule/README.md b/modules/service-bus/namespace/authorization-rule/README.md index 04226f8184..b4bec73526 100644 --- a/modules/service-bus/namespace/authorization-rule/README.md +++ b/modules/service-bus/namespace/authorization-rule/README.md 
@@ -19,27 +19,54 @@ This module deploys a Service Bus Namespace Authorization Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the authorization rule. | +| [`name`](#parameter-name) | string | The name of the authorization rule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`rights`](#parameter-rights) | array | The rights associated with the rule. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the authorization rule. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `rights` + +The rights associated with the rule. 
+- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Listen, Manage, Send]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the authorization rule. | | `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. | diff --git a/modules/service-bus/namespace/disaster-recovery-config/README.md b/modules/service-bus/namespace/disaster-recovery-config/README.md index 117b394910..f018bb7277 100644 --- a/modules/service-bus/namespace/disaster-recovery-config/README.md +++ b/modules/service-bus/namespace/disaster-recovery-config/README.md 
@@ -19,23 +19,57 @@ This module deploys a Service Bus Namespace Disaster Recovery Config **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `alternateName` | string | `''` | Primary/Secondary eventhub namespace name, which is part of GEO DR pairing. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `'default'` | The name of the disaster recovery config. | -| `partnerNamespaceResourceID` | string | `''` | Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`alternateName`](#parameter-alternatename) | string | Primary/Secondary eventhub namespace name, which is part of GEO DR pairing. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the disaster recovery config. | +| [`partnerNamespaceResourceID`](#parameter-partnernamespaceresourceid) | string | Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. | + +### Parameter: `alternateName` + +Primary/Secondary eventhub namespace name, which is part of GEO DR pairing. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the disaster recovery config. +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `namespaceName` + +The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `partnerNamespaceResourceID` + +Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the disaster recovery config. | | `resourceGroupName` | string | The name of the Resource Group the disaster recovery config was created in. | diff --git a/modules/service-bus/namespace/migration-configuration/README.md b/modules/service-bus/namespace/migration-configuration/README.md index 445edd7e6a..26b9a9b0dd 100644 --- a/modules/service-bus/namespace/migration-configuration/README.md +++ b/modules/service-bus/namespace/migration-configuration/README.md 
@@ -19,27 +19,52 @@ This module deploys a Service Bus Namespace Migration Configuration. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `postMigrationName` | string | Name to access Standard Namespace after migration. | -| `targetNamespaceResourceId` | string | Existing premium Namespace resource ID which has no entities, will be used for migration. | +| [`postMigrationName`](#parameter-postmigrationname) | string | Name to access Standard Namespace after migration. | +| [`targetNamespaceResourceId`](#parameter-targetnamespaceresourceid) | string | Existing premium Namespace resource ID which has no entities, will be used for migration. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `namespaceName` + +The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `postMigrationName` + +Name to access Standard Namespace after migration. +- Required: Yes +- Type: string + +### Parameter: `targetNamespaceResourceId` + +Existing premium Namespace resource ID which has no entities, will be used for migration. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the migration configuration. | | `resourceGroupName` | string | The name of the Resource Group the migration configuration was created in. | diff --git a/modules/service-bus/namespace/network-rule-set/README.md b/modules/service-bus/namespace/network-rule-set/README.md index 2ee50b770c..e24150422b 100644 --- a/modules/service-bus/namespace/network-rule-set/README.md +++ b/modules/service-bus/namespace/network-rule-set/README.md 
@@ -19,25 +19,75 @@ This module deploys a ServiceBus Namespace Network Rule Set. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Network Rule Set. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Service Bus Namespace for the Service Bus Network Rule Set. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `defaultAction` | string | `'Allow'` | `[Allow, Deny]` | Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ipRules` | array | `[]` | | List of IpRules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | -| `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. | -| `trustedServiceAccessEnabled` | bool | `True` | | Value that indicates whether Trusted Service Access is enabled or not. Default is "true". It will not be set if publicNetworkAccess is "Disabled". | -| `virtualNetworkRules` | array | `[]` | | List virtual network rules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`defaultAction`](#parameter-defaultaction) | string | Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ipRules`](#parameter-iprules) | array | List of IpRules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. | +| [`trustedServiceAccessEnabled`](#parameter-trustedserviceaccessenabled) | bool | Value that indicates whether Trusted Service Access is enabled or not. Default is "true". It will not be set if publicNetworkAccess is "Disabled". | +| [`virtualNetworkRules`](#parameter-virtualnetworkrules) | array | List virtual network rules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | + +### Parameter: `defaultAction` + +Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. +- Required: No +- Type: string +- Default: `'Allow'` +- Allowed: `[Allow, Deny]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ipRules` + +List of IpRules. It will not be set if publicNetworkAccess is "Disabled". 
Otherwise, when used, defaultAction will be set to "Deny". +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `namespaceName` + +The name of the parent Service Bus Namespace for the Service Bus Network Rule Set. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccess` + +This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `trustedServiceAccessEnabled` + +Value that indicates whether Trusted Service Access is enabled or not. Default is "true". It will not be set if publicNetworkAccess is "Disabled". +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `virtualNetworkRules` + +List virtual network rules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the network rule set. | | `resourceGroupName` | string | The name of the resource group the network rule set was created in. | diff --git a/modules/service-bus/namespace/queue/README.md b/modules/service-bus/namespace/queue/README.md index 23a86f0b78..e77f024a24 100644 --- a/modules/service-bus/namespace/queue/README.md +++ b/modules/service-bus/namespace/queue/README.md 
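Review bot: The new per-parameter section for `namespaceName` in the Network Rule Set README says `- Required: Yes`, while the same hunk keeps `namespaceName` under **Conditional parameters** with "Required if the template is used in a standalone deployment." A reader who follows the new `#parameter-namespacename` link from the table lands on an unconditional requirement. Suggest the generator emit a distinct value for parameters it groups as conditional (or repeat the condition next to the `Required` line). Separately, the Default and Allowed columns are dropped from the table, so the defaults that decide exposure (`defaultAction` = `'Allow'`, `publicNetworkAccess` = `'Enabled'`) are no longer visible at a glance; consider keeping the default in the table row.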
@@ -4,12 +4,12 @@ This module deploys a Service Bus Namespace Queue. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
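Review bot: The navigation entry becomes `[Resource Types](#Resource-Types)` with a capitalized fragment, while the parameter links added in the next hunk of this file use all-lowercase fragments such as `#parameter-name`. Suggest the generator emit one casing for every fragment (lowercase matches the new parameter links) so the links do not depend on how a renderer normalizes heading anchors.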
@@ -22,45 +22,199 @@ This module deploys a Service Bus Namespace Queue. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the Service Bus Queue. | +| [`name`](#parameter-name) | string | Name of the Service Bus Queue. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the Service Bus Queue. | -| `autoDeleteOnIdle` | string | `''` | | ISO 8061 timeSpan idle interval after which the queue is automatically deleted. The minimum duration is 5 minutes (PT5M). | -| `deadLetteringOnMessageExpiration` | bool | `True` | | A value that indicates whether this queue has dead letter support when a message expires. | -| `defaultMessageTimeToLive` | string | `'P14D'` | | ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself. | -| `duplicateDetectionHistoryTimeWindow` | string | `'PT10M'` | | ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes. | -| `enableBatchedOperations` | bool | `True` | | Value that indicates whether server-side batched operations are enabled. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableExpress` | bool | `False` | | A value that indicates whether Express Entities are enabled. An express queue holds a message in memory temporarily before writing it to persistent storage. | -| `enablePartitioning` | bool | `False` | | A value that indicates whether the queue is to be partitioned across multiple message brokers. | -| `forwardDeadLetteredMessagesTo` | string | `''` | | Queue/Topic name to forward the Dead Letter message. | -| `forwardTo` | string | `''` | | Queue/Topic name to forward the messages. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `lockDuration` | string | `'PT1M'` | | ISO 8601 timespan duration of a peek-lock; that is, the amount of time that the message is locked for other receivers. The maximum value for LockDuration is 5 minutes; the default value is 1 minute. | -| `maxDeliveryCount` | int | `10` | | The maximum delivery count. A message is automatically deadlettered after this number of deliveries. default value is 10. | -| `maxMessageSizeInKilobytes` | int | `1024` | | Maximum size (in KB) of the message payload that can be accepted by the queue. This property is only used in Premium today and default is 1024. | -| `maxSizeInMegabytes` | int | `1024` | | The maximum size of the queue in megabytes, which is the size of memory allocated for the queue. Default is 1024. | -| `requiresDuplicateDetection` | bool | `False` | | A value indicating if this queue requires duplicate detection. | -| `requiresSession` | bool | `False` | | A value that indicates whether the queue supports the concept of sessions. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `status` | string | `'Active'` | `[Active, Creating, Deleting, Disabled, ReceiveDisabled, Renaming, Restoring, SendDisabled, Unknown]` | Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the Service Bus Queue. | +| [`autoDeleteOnIdle`](#parameter-autodeleteonidle) | string | ISO 8061 timeSpan idle interval after which the queue is automatically deleted. The minimum duration is 5 minutes (PT5M). | +| [`deadLetteringOnMessageExpiration`](#parameter-deadletteringonmessageexpiration) | bool | A value that indicates whether this queue has dead letter support when a message expires. | +| [`defaultMessageTimeToLive`](#parameter-defaultmessagetimetolive) | string | ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself. | +| [`duplicateDetectionHistoryTimeWindow`](#parameter-duplicatedetectionhistorytimewindow) | string | ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes. | +| [`enableBatchedOperations`](#parameter-enablebatchedoperations) | bool | Value that indicates whether server-side batched operations are enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`enableExpress`](#parameter-enableexpress) | bool | A value that indicates whether Express Entities are enabled. An express queue holds a message in memory temporarily before writing it to persistent storage. | +| [`enablePartitioning`](#parameter-enablepartitioning) | bool | A value that indicates whether the queue is to be partitioned across multiple message brokers. | +| [`forwardDeadLetteredMessagesTo`](#parameter-forwarddeadletteredmessagesto) | string | Queue/Topic name to forward the Dead Letter message. | +| [`forwardTo`](#parameter-forwardto) | string | Queue/Topic name to forward the messages. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lockDuration`](#parameter-lockduration) | string | ISO 8601 timespan duration of a peek-lock; that is, the amount of time that the message is locked for other receivers. The maximum value for LockDuration is 5 minutes; the default value is 1 minute. | +| [`maxDeliveryCount`](#parameter-maxdeliverycount) | int | The maximum delivery count. A message is automatically deadlettered after this number of deliveries. default value is 10. | +| [`maxMessageSizeInKilobytes`](#parameter-maxmessagesizeinkilobytes) | int | Maximum size (in KB) of the message payload that can be accepted by the queue. This property is only used in Premium today and default is 1024. | +| [`maxSizeInMegabytes`](#parameter-maxsizeinmegabytes) | int | The maximum size of the queue in megabytes, which is the size of memory allocated for the queue. Default is 1024. | +| [`requiresDuplicateDetection`](#parameter-requiresduplicatedetection) | bool | A value indicating if this queue requires duplicate detection. | +| [`requiresSession`](#parameter-requiressession) | bool | A value that indicates whether the queue supports the concept of sessions. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`status`](#parameter-status) | string | Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown. | + +### Parameter: `authorizationRules` + +Authorization Rules for the Service Bus Queue. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `autoDeleteOnIdle` + +ISO 8061 timeSpan idle interval after which the queue is automatically deleted. The minimum duration is 5 minutes (PT5M). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `deadLetteringOnMessageExpiration` + +A value that indicates whether this queue has dead letter support when a message expires. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `defaultMessageTimeToLive` + +ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself. +- Required: No +- Type: string +- Default: `'P14D'` + +### Parameter: `duplicateDetectionHistoryTimeWindow` + +ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes. +- Required: No +- Type: string +- Default: `'PT10M'` + +### Parameter: `enableBatchedOperations` + +Value that indicates whether server-side batched operations are enabled. 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableExpress` + +A value that indicates whether Express Entities are enabled. An express queue holds a message in memory temporarily before writing it to persistent storage. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enablePartitioning` + +A value that indicates whether the queue is to be partitioned across multiple message brokers. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `forwardDeadLetteredMessagesTo` + +Queue/Topic name to forward the Dead Letter message. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `forwardTo` + +Queue/Topic name to forward the messages. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `lockDuration` + +ISO 8601 timespan duration of a peek-lock; that is, the amount of time that the message is locked for other receivers. The maximum value for LockDuration is 5 minutes; the default value is 1 minute. +- Required: No +- Type: string +- Default: `'PT1M'` + +### Parameter: `maxDeliveryCount` + +The maximum delivery count. A message is automatically deadlettered after this number of deliveries. default value is 10. +- Required: No +- Type: int +- Default: `10` + +### Parameter: `maxMessageSizeInKilobytes` + +Maximum size (in KB) of the message payload that can be accepted by the queue. This property is only used in Premium today and default is 1024. +- Required: No +- Type: int +- Default: `1024` + +### Parameter: `maxSizeInMegabytes` + +The maximum size of the queue in megabytes, which is the size of memory allocated for the queue. Default is 1024. 
+- Required: No +- Type: int +- Default: `1024` + +### Parameter: `name` + +Name of the Service Bus Queue. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `requiresDuplicateDetection` + +A value indicating if this queue requires duplicate detection. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `requiresSession` + +A value that indicates whether the queue supports the concept of sessions. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `status` + +Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown. +- Required: No +- Type: string +- Default: `'Active'` +- Allowed: `[Active, Creating, Deleting, Disabled, ReceiveDisabled, Renaming, Restoring, SendDisabled, Unknown]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed queue. | | `resourceGroupName` | string | The resource group of the deployed queue. | diff --git a/modules/service-bus/namespace/queue/authorization-rule/README.md b/modules/service-bus/namespace/queue/authorization-rule/README.md index 9d3235856b..953b3a3459 100644 
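Review bot: In the new `authorizationRules` section of the queue README, the Default line reads `[System.Management.Automation.OrderedHashtable]`, which is a PowerShell type name rather than the default value. The removed table row had the same text, so the regenerated output carries the problem forward into the new layout. Suggest the generator serialize object defaults (for example as JSON) so a reader can see which authorization rule and rights a default deployment creates. Minor, same hunk: the `autoDeleteOnIdle` description says "ISO 8061" where the neighbouring descriptions say "ISO 8601"; fix it in the template description and regenerate.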
--- a/modules/service-bus/namespace/queue/authorization-rule/README.md +++ b/modules/service-bus/namespace/queue/authorization-rule/README.md 
@@ -19,28 +19,61 @@ This module deploys a Service Bus Namespace Queue Authorization Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the service bus namepace queue. | +| [`name`](#parameter-name) | string | The name of the service bus namepace queue. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace. Required if the template is used in a standalone deployment. | -| `queueName` | string | The name of the parent Service Bus Namespace Queue. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Service Bus Namespace. Required if the template is used in a standalone deployment. | +| [`queueName`](#parameter-queuename) | string | The name of the parent Service Bus Namespace Queue. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`rights`](#parameter-rights) | array | The rights associated with the rule. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the service bus namepace queue. 
+- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent Service Bus Namespace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `queueName` + +The name of the parent Service Bus Namespace Queue. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `rights` + +The rights associated with the rule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Listen, Manage, Send]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the authorization rule. | | `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. | diff --git a/modules/service-bus/namespace/topic/README.md b/modules/service-bus/namespace/topic/README.md index 51fe952267..a554531ad1 100644 --- a/modules/service-bus/namespace/topic/README.md +++ b/modules/service-bus/namespace/topic/README.md 
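Review bot: The `name` description in the queue authorization-rule README, "The name of the service bus namepace queue.", misspells "namespace" and describes the queue, although the module deploys a Queue Authorization Rule and the Outputs table calls `name` "The name of the authorization rule." This hunk now copies that text into both the table row and the new per-parameter section for `name`, so correct the description in the module template and regenerate rather than editing the README.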
@@ -22,40 +22,159 @@ This module deploys a Service Bus Namespace Topic. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the Service Bus Topic. | +| [`name`](#parameter-name) | string | Name of the Service Bus Topic. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Topic. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Service Bus Namespace for the Service Bus Topic. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the Service Bus Topic. | -| `autoDeleteOnIdle` | string | `'PT5M'` | | ISO 8601 timespan idle interval after which the topic is automatically deleted. The minimum duration is 5 minutes. | -| `defaultMessageTimeToLive` | string | `'P14D'` | | ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself. | -| `duplicateDetectionHistoryTimeWindow` | string | `'PT10M'` | | ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes. | -| `enableBatchedOperations` | bool | `True` | | Value that indicates whether server-side batched operations are enabled. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `enableExpress` | bool | `False` | | A value that indicates whether Express Entities are enabled. An express topic holds a message in memory temporarily before writing it to persistent storage. | -| `enablePartitioning` | bool | `False` | | A value that indicates whether the topic is to be partitioned across multiple message brokers. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxMessageSizeInKilobytes` | int | `1024` | | Maximum size (in KB) of the message payload that can be accepted by the topic. This property is only used in Premium today and default is 1024. | -| `maxSizeInMegabytes` | int | `1024` | | The maximum size of the topic in megabytes, which is the size of memory allocated for the topic. Default is 1024. | -| `requiresDuplicateDetection` | bool | `False` | | A value indicating if this topic requires duplicate detection. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `status` | string | `'Active'` | `[Active, Creating, Deleting, Disabled, ReceiveDisabled, Renaming, Restoring, SendDisabled, Unknown]` | Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown. | -| `supportOrdering` | bool | `False` | | Value that indicates whether the topic supports ordering. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the Service Bus Topic. 
| +| [`autoDeleteOnIdle`](#parameter-autodeleteonidle) | string | ISO 8601 timespan idle interval after which the topic is automatically deleted. The minimum duration is 5 minutes. | +| [`defaultMessageTimeToLive`](#parameter-defaultmessagetimetolive) | string | ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself. | +| [`duplicateDetectionHistoryTimeWindow`](#parameter-duplicatedetectionhistorytimewindow) | string | ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes. | +| [`enableBatchedOperations`](#parameter-enablebatchedoperations) | bool | Value that indicates whether server-side batched operations are enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableExpress`](#parameter-enableexpress) | bool | A value that indicates whether Express Entities are enabled. An express topic holds a message in memory temporarily before writing it to persistent storage. | +| [`enablePartitioning`](#parameter-enablepartitioning) | bool | A value that indicates whether the topic is to be partitioned across multiple message brokers. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maxMessageSizeInKilobytes`](#parameter-maxmessagesizeinkilobytes) | int | Maximum size (in KB) of the message payload that can be accepted by the topic. This property is only used in Premium today and default is 1024. | +| [`maxSizeInMegabytes`](#parameter-maxsizeinmegabytes) | int | The maximum size of the topic in megabytes, which is the size of memory allocated for the topic. Default is 1024. 
| +| [`requiresDuplicateDetection`](#parameter-requiresduplicatedetection) | bool | A value indicating if this topic requires duplicate detection. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`status`](#parameter-status) | string | Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown. | +| [`supportOrdering`](#parameter-supportordering) | bool | Value that indicates whether the topic supports ordering. | + +### Parameter: `authorizationRules` + +Authorization Rules for the Service Bus Topic. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `autoDeleteOnIdle` + +ISO 8601 timespan idle interval after which the topic is automatically deleted. The minimum duration is 5 minutes. +- Required: No +- Type: string +- Default: `'PT5M'` + +### Parameter: `defaultMessageTimeToLive` + +ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself. +- Required: No +- Type: string +- Default: `'P14D'` + +### Parameter: `duplicateDetectionHistoryTimeWindow` + +ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes. 
+- Required: No +- Type: string +- Default: `'PT10M'` + +### Parameter: `enableBatchedOperations` + +Value that indicates whether server-side batched operations are enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableExpress` + +A value that indicates whether Express Entities are enabled. An express topic holds a message in memory temporarily before writing it to persistent storage. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enablePartitioning` + +A value that indicates whether the topic is to be partitioned across multiple message brokers. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maxMessageSizeInKilobytes` + +Maximum size (in KB) of the message payload that can be accepted by the topic. This property is only used in Premium today and default is 1024. +- Required: No +- Type: int +- Default: `1024` + +### Parameter: `maxSizeInMegabytes` + +The maximum size of the topic in megabytes, which is the size of memory allocated for the topic. Default is 1024. +- Required: No +- Type: int +- Default: `1024` + +### Parameter: `name` + +Name of the Service Bus Topic. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent Service Bus Namespace for the Service Bus Topic. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `requiresDuplicateDetection` + +A value indicating if this topic requires duplicate detection. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `status` + +Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown. +- Required: No +- Type: string +- Default: `'Active'` +- Allowed: `[Active, Creating, Deleting, Disabled, ReceiveDisabled, Renaming, Restoring, SendDisabled, Unknown]` + +### Parameter: `supportOrdering` + +Value that indicates whether the topic supports ordering. +- Required: No +- Type: bool +- Default: `False` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed topic. | | `resourceGroupName` | string | The resource group of the deployed topic. | diff --git a/modules/service-bus/namespace/topic/authorization-rule/README.md b/modules/service-bus/namespace/topic/authorization-rule/README.md index 42f6aa3e9b..ec255bfbe3 100644 --- a/modules/service-bus/namespace/topic/authorization-rule/README.md +++ b/modules/service-bus/namespace/topic/authorization-rule/README.md 
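Review bot: The new `autoDeleteOnIdle` section in the topic README documents a default of `'PT5M'` directly under "The minimum duration is 5 minutes", so the documented default is the shortest interval allowed, whereas the queue README in this same patch documents `''` for the same parameter. Please confirm that deleting an idle topic after five minutes is the intended default; if it is not, align the template default with the queue module before regenerating, and if it is, have the description state that the default is the minimum so the behaviour is not missed.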
@@ -19,28 +19,61 @@ This module deploys a Service Bus Namespace Topic Authorization Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the service bus namespace topic. | +| [`name`](#parameter-name) | string | The name of the service bus namespace topic. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace. Required if the template is used in a standalone deployment. | -| `topicName` | string | The name of the parent Service Bus Namespace Topic. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Service Bus Namespace. Required if the template is used in a standalone deployment. | +| [`topicName`](#parameter-topicname) | string | The name of the parent Service Bus Namespace Topic. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`rights`](#parameter-rights) | array | The rights associated with the rule. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the service bus namespace topic. 
+- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent Service Bus Namespace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `rights` + +The rights associated with the rule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Listen, Manage, Send]` + +### Parameter: `topicName` + +The name of the parent Service Bus Namespace Topic. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the authorization rule. | | `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. | diff --git a/modules/service-fabric/cluster/.test/common/main.test.bicep b/modules/service-fabric/cluster/.test/common/main.test.bicep index 3d0d8599f6..1f35cd24db 100644 --- a/modules/service-fabric/cluster/.test/common/main.test.bicep +++ b/modules/service-fabric/cluster/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/service-fabric/cluster/.test/min/main.test.bicep b/modules/service-fabric/cluster/.test/min/main.test.bicep index 84390edecf..e7bf07187d 100644 --- a/modules/service-fabric/cluster/.test/min/main.test.bicep +++ b/modules/service-fabric/cluster/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // 
diff --git a/modules/service-fabric/cluster/README.md b/modules/service-fabric/cluster/README.md index 1d92aa0629..4df1e6c55e 100644 --- a/modules/service-fabric/cluster/README.md +++ b/modules/service-fabric/cluster/README.md @@ -5,10 +5,10 @@ This module deploys a Service Fabric Cluster. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
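Review bot: The Navigation hunk replaces `- [Deployment examples](#Deployment-examples)` with `- [Usage examples](#Usage-examples)`, which follows the renamed section heading and therefore changes its anchor. Any existing link to `#Deployment-examples` in this README, whether from the wiki, other module READMEs or external docs, will stop resolving. Suggest searching the repository for `#Deployment-examples` in any casing and updating those links in the same change. The new per-parameter links elsewhere in this README use lowercase anchors (`#parameter-name`) while the Navigation entries keep mixed case (`#Usage-examples`); settling on one convention in the generator avoids relying on how the renderer handles anchor casing.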
@@ -20,82 +20,26 @@ This module deploys a Service Fabric Cluster. | `Microsoft.ServiceFabric/clusters` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceFabric/2021-06-01/clusters) | | `Microsoft.ServiceFabric/clusters/applicationTypes` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceFabric/2021-06-01/clusters/applicationTypes) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `managementEndpoint` | string | | The http management endpoint of the cluster. | -| `name` | string | | Name of the Service Fabric cluster. | -| `nodeTypes` | array | | The list of node types in the cluster. | -| `reliabilityLevel` | string | `[Bronze, Gold, None, Platinum, Silver]` | The reliability level sets the replica set size of system services. Learn about ReliabilityLevel (https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-capacity). - None - Run the System services with a target replica set count of 1. This should only be used for test clusters. - Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters. - Silver - Run the System services with a target replica set count of 5. - Gold - Run the System services with a target replica set count of 7. - Platinum - Run the System services with a target replica set count of 9. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/service-fabric.cluster:1.0.0`. 
-| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `addOnFeatures` | array | `[]` | `[BackupRestoreService, DnsService, RepairManager, ResourceMonitorService]` | The list of add-on features to enable in the cluster. | -| `applicationTypes` | array | `[]` | | Array of Service Fabric cluster application types. | -| `azureActiveDirectory` | object | `{object}` | | The settings to enable AAD authentication on the cluster. | -| `certificate` | object | `{object}` | | Describes the certificate details like thumbprint of the primary certificate, thumbprint of the secondary certificate and the local certificate store location. | -| `certificateCommonNames` | object | `{object}` | | Describes a list of server certificates referenced by common name that are used to secure the cluster. | -| `clientCertificateCommonNames` | array | `[]` | | The list of client certificates referenced by common name that are allowed to manage the cluster. | -| `clientCertificateThumbprints` | array | `[]` | | The list of client certificates referenced by thumbprint that are allowed to manage the cluster. | -| `clusterCodeVersion` | string | `''` | | The Service Fabric runtime version of the cluster. This property can only by set the user when upgradeMode is set to "Manual". To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. | -| `diagnosticsStorageAccountConfig` | object | `{object}` | | The storage account information for storing Service Fabric diagnostic logs. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `eventStoreServiceEnabled` | bool | `False` | | Indicates if the event store service is enabled. | -| `fabricSettings` | array | `[]` | | The list of custom fabric settings to configure the cluster. 
| -| `infrastructureServiceManager` | bool | `False` | | Indicates if infrastructure service manager is enabled. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxUnusedVersionsToKeep` | int | `3` | | Number of unused versions per application type to keep. | -| `notifications` | array | `[]` | | Indicates a list of notification channels for cluster events. | -| `reverseProxyCertificate` | object | `{object}` | | Describes the certificate details. | -| `reverseProxyCertificateCommonNames` | object | `{object}` | | Describes a list of server certificates referenced by common name that are used to secure the cluster. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sfZonalUpgradeMode` | string | `'Hierarchical'` | `[Hierarchical, Parallel]` | This property controls the logical grouping of VMs in upgrade domains (UDs). This property cannot be modified if a node type with multiple Availability Zones is already present in the cluster. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `upgradeDescription` | object | `{object}` | | Describes the policy used when upgrading the cluster. | -| `upgradeMode` | string | `'Automatic'` | `[Automatic, Manual]` | The upgrade mode of the cluster when new Service Fabric runtime version is available. | -| `upgradePauseEndTimestampUtc` | string | `''` | | Indicates the end date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC). 
| -| `upgradePauseStartTimestampUtc` | string | `''` | | Indicates the start date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC). | -| `upgradeWave` | string | `'Wave0'` | `[Wave0, Wave1, Wave2]` | Indicates when new cluster runtime version upgrades will be applied after they are released. By default is Wave0. | -| `vmImage` | string | `''` | | The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used. | -| `vmssZonalUpgradeMode` | string | `'Hierarchical'` | `[Hierarchical, Parallel]` | This property defines the upgrade mode for the virtual machine scale set, it is mandatory if a node type with multiple Availability Zones is added. | -| `waveUpgradePaused` | bool | `False` | | Boolean to pause automatic runtime version upgrades to the cluster. | +- [Cert](#example-1-cert) +- [Using large parameter set](#example-2-using-large-parameter-set) +- [Using only defaults](#example-3-using-only-defaults) - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `endpoint` | string | The Service Fabric Cluster endpoint. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The Service Fabric Cluster name. | -| `resourceGroupName` | string | The Service Fabric Cluster resource group. | -| `resourceId` | string | The Service Fabric Cluster resource ID. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Cert

+### Example 1: _Cert_
via Bicep module ```bicep -module cluster './service-fabric/cluster/main.bicep' = { +module cluster 'br:bicep/modules/service-fabric.cluster:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sfccer' params: { // Required parameters @@ -199,14 +143,17 @@ module cluster './service-fabric/cluster/main.bicep' = {

-

Example 2: Common

+### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +
via Bicep module ```bicep -module cluster './service-fabric/cluster/main.bicep' = { +module cluster 'br:bicep/modules/service-fabric.cluster:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sfccom' params: { // Required parameters @@ -608,14 +555,17 @@ module cluster './service-fabric/cluster/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module cluster './service-fabric/cluster/main.bicep' = { +module cluster 'br:bicep/modules/service-fabric.cluster:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sfcmin' params: { // Required parameters @@ -698,6 +648,308 @@ module cluster './service-fabric/cluster/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`managementEndpoint`](#parameter-managementendpoint) | string | The http management endpoint of the cluster. | +| [`name`](#parameter-name) | string | Name of the Service Fabric cluster. | +| [`nodeTypes`](#parameter-nodetypes) | array | The list of node types in the cluster. | +| [`reliabilityLevel`](#parameter-reliabilitylevel) | string | The reliability level sets the replica set size of system services. Learn about ReliabilityLevel (https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-capacity). - None - Run the System services with a target replica set count of 1. This should only be used for test clusters. - Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters. - Silver - Run the System services with a target replica set count of 5. - Gold - Run the System services with a target replica set count of 7. - Platinum - Run the System services with a target replica set count of 9. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`addOnFeatures`](#parameter-addonfeatures) | array | The list of add-on features to enable in the cluster. | +| [`applicationTypes`](#parameter-applicationtypes) | array | Array of Service Fabric cluster application types. | +| [`azureActiveDirectory`](#parameter-azureactivedirectory) | object | The settings to enable AAD authentication on the cluster. | +| [`certificate`](#parameter-certificate) | object | Describes the certificate details like thumbprint of the primary certificate, thumbprint of the secondary certificate and the local certificate store location. | +| [`certificateCommonNames`](#parameter-certificatecommonnames) | object | Describes a list of server certificates referenced by common name that are used to secure the cluster. 
| +| [`clientCertificateCommonNames`](#parameter-clientcertificatecommonnames) | array | The list of client certificates referenced by common name that are allowed to manage the cluster. | +| [`clientCertificateThumbprints`](#parameter-clientcertificatethumbprints) | array | The list of client certificates referenced by thumbprint that are allowed to manage the cluster. | +| [`clusterCodeVersion`](#parameter-clustercodeversion) | string | The Service Fabric runtime version of the cluster. This property can only by set the user when upgradeMode is set to "Manual". To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. | +| [`diagnosticsStorageAccountConfig`](#parameter-diagnosticsstorageaccountconfig) | object | The storage account information for storing Service Fabric diagnostic logs. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventStoreServiceEnabled`](#parameter-eventstoreserviceenabled) | bool | Indicates if the event store service is enabled. | +| [`fabricSettings`](#parameter-fabricsettings) | array | The list of custom fabric settings to configure the cluster. | +| [`infrastructureServiceManager`](#parameter-infrastructureservicemanager) | bool | Indicates if infrastructure service manager is enabled. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maxUnusedVersionsToKeep`](#parameter-maxunusedversionstokeep) | int | Number of unused versions per application type to keep. | +| [`notifications`](#parameter-notifications) | array | Indicates a list of notification channels for cluster events. | +| [`reverseProxyCertificate`](#parameter-reverseproxycertificate) | object | Describes the certificate details. 
| +| [`reverseProxyCertificateCommonNames`](#parameter-reverseproxycertificatecommonnames) | object | Describes a list of server certificates referenced by common name that are used to secure the cluster. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sfZonalUpgradeMode`](#parameter-sfzonalupgrademode) | string | This property controls the logical grouping of VMs in upgrade domains (UDs). This property cannot be modified if a node type with multiple Availability Zones is already present in the cluster. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`upgradeDescription`](#parameter-upgradedescription) | object | Describes the policy used when upgrading the cluster. | +| [`upgradeMode`](#parameter-upgrademode) | string | The upgrade mode of the cluster when new Service Fabric runtime version is available. | +| [`upgradePauseEndTimestampUtc`](#parameter-upgradepauseendtimestamputc) | string | Indicates the end date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC). | +| [`upgradePauseStartTimestampUtc`](#parameter-upgradepausestarttimestamputc) | string | Indicates the start date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC). | +| [`upgradeWave`](#parameter-upgradewave) | string | Indicates when new cluster runtime version upgrades will be applied after they are released. By default is Wave0. | +| [`vmImage`](#parameter-vmimage) | string | The VM image VMSS has been configured with. 
Generic names such as Windows or Linux can be used. | +| [`vmssZonalUpgradeMode`](#parameter-vmsszonalupgrademode) | string | This property defines the upgrade mode for the virtual machine scale set, it is mandatory if a node type with multiple Availability Zones is added. | +| [`waveUpgradePaused`](#parameter-waveupgradepaused) | bool | Boolean to pause automatic runtime version upgrades to the cluster. | + +### Parameter: `addOnFeatures` + +The list of add-on features to enable in the cluster. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[BackupRestoreService, DnsService, RepairManager, ResourceMonitorService]` + +### Parameter: `applicationTypes` + +Array of Service Fabric cluster application types. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `azureActiveDirectory` + +The settings to enable AAD authentication on the cluster. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `certificate` + +Describes the certificate details like thumbprint of the primary certificate, thumbprint of the secondary certificate and the local certificate store location. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `certificateCommonNames` + +Describes a list of server certificates referenced by common name that are used to secure the cluster. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `clientCertificateCommonNames` + +The list of client certificates referenced by common name that are allowed to manage the cluster. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `clientCertificateThumbprints` + +The list of client certificates referenced by thumbprint that are allowed to manage the cluster. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `clusterCodeVersion` + +The Service Fabric runtime version of the cluster. This property can only by set the user when upgradeMode is set to "Manual". 
To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticsStorageAccountConfig` + +The storage account information for storing Service Fabric diagnostic logs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventStoreServiceEnabled` + +Indicates if the event store service is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `fabricSettings` + +The list of custom fabric settings to configure the cluster. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `infrastructureServiceManager` + +Indicates if infrastructure service manager is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managementEndpoint` + +The http management endpoint of the cluster. +- Required: Yes +- Type: string + +### Parameter: `maxUnusedVersionsToKeep` + +Number of unused versions per application type to keep. +- Required: No +- Type: int +- Default: `3` + +### Parameter: `name` + +Name of the Service Fabric cluster. +- Required: Yes +- Type: string + +### Parameter: `nodeTypes` + +The list of node types in the cluster. +- Required: Yes +- Type: array + +### Parameter: `notifications` + +Indicates a list of notification channels for cluster events. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `reliabilityLevel` + +The reliability level sets the replica set size of system services. Learn about ReliabilityLevel (https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-capacity). - None - Run the System services with a target replica set count of 1. This should only be used for test clusters. - Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters. - Silver - Run the System services with a target replica set count of 5. - Gold - Run the System services with a target replica set count of 7. - Platinum - Run the System services with a target replica set count of 9. +- Required: Yes +- Type: string +- Allowed: `[Bronze, Gold, None, Platinum, Silver]` + +### Parameter: `reverseProxyCertificate` + +Describes the certificate details. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `reverseProxyCertificateCommonNames` + +Describes a list of server certificates referenced by common name that are used to secure the cluster. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sfZonalUpgradeMode` + +This property controls the logical grouping of VMs in upgrade domains (UDs). This property cannot be modified if a node type with multiple Availability Zones is already present in the cluster. 
+- Required: No +- Type: string +- Default: `'Hierarchical'` +- Allowed: `[Hierarchical, Parallel]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `upgradeDescription` + +Describes the policy used when upgrading the cluster. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `upgradeMode` + +The upgrade mode of the cluster when new Service Fabric runtime version is available. +- Required: No +- Type: string +- Default: `'Automatic'` +- Allowed: `[Automatic, Manual]` + +### Parameter: `upgradePauseEndTimestampUtc` + +Indicates the end date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `upgradePauseStartTimestampUtc` + +Indicates the start date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `upgradeWave` + +Indicates when new cluster runtime version upgrades will be applied after they are released. By default is Wave0. +- Required: No +- Type: string +- Default: `'Wave0'` +- Allowed: `[Wave0, Wave1, Wave2]` + +### Parameter: `vmImage` + +The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `vmssZonalUpgradeMode` + +This property defines the upgrade mode for the virtual machine scale set, it is mandatory if a node type with multiple Availability Zones is added. +- Required: No +- Type: string +- Default: `'Hierarchical'` +- Allowed: `[Hierarchical, Parallel]` + +### Parameter: `waveUpgradePaused` + +Boolean to pause automatic runtime version upgrades to the cluster. 
+- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `endpoint` | string | The Service Fabric Cluster endpoint. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The Service Fabric Cluster name. | +| `resourceGroupName` | string | The Service Fabric Cluster resource group. | +| `resourceId` | string | The Service Fabric Cluster resource ID. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `notifications` diff --git a/modules/service-fabric/cluster/application-type/README.md b/modules/service-fabric/cluster/application-type/README.md index 5694135918..1fd40f7308 100644 --- a/modules/service-fabric/cluster/application-type/README.md +++ b/modules/service-fabric/cluster/application-type/README.md 
@@ -19,22 +19,49 @@ This module deploys a Service Fabric Cluster Application Type. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `serviceFabricClusterName` | string | The name of the parent Service Fabric cluster. Required if the template is used in a standalone deployment. | +| [`serviceFabricClusterName`](#parameter-servicefabricclustername) | string | The name of the parent Service Fabric cluster. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `'defaultApplicationType'` | Application type name. | -| `tags` | object | `{object}` | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | Application type name. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Application type name. +- Required: No +- Type: string +- Default: `'defaultApplicationType'` + +### Parameter: `serviceFabricClusterName` + +The name of the parent Service Fabric cluster. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The resource name of the Application type. 
| | `resourceGroupName` | string | The resource group of the Application type. | diff --git a/modules/service-fabric/cluster/application-type/main.json b/modules/service-fabric/cluster/application-type/main.json index 4b21e5e00d..ed0f9dfa6d 100644 --- a/modules/service-fabric/cluster/application-type/main.json +++ b/modules/service-fabric/cluster/application-type/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18125415207616023954" + "version": "0.22.6.54827", + "templateHash": "3441501457466891361" }, "name": "Service Fabric Cluster Application Types", "description": "This module deploys a Service Fabric Cluster Application Type.", diff --git a/modules/service-fabric/cluster/main.json b/modules/service-fabric/cluster/main.json index e24955a9f4..66d8a1770e 100644 --- a/modules/service-fabric/cluster/main.json +++ b/modules/service-fabric/cluster/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4531061772881706732" + "version": "0.22.6.54827", + "templateHash": "212662749954902934" }, "name": "Service Fabric Clusters", "description": "This module deploys a Service Fabric Cluster.", @@ -443,8 +443,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4382638068628666696" + "version": "0.22.6.54827", + "templateHash": "6506040938777455648" } }, "parameters": { @@ -588,8 +588,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14898826188473594106" + "version": "0.22.6.54827", + "templateHash": "3441501457466891361" }, "name": "Service Fabric Cluster Application Types", "description": "This module deploys a Service Fabric Cluster Application Type.", diff --git a/modules/signal-r-service/signal-r/.test/common/main.test.bicep b/modules/signal-r-service/signal-r/.test/common/main.test.bicep index 45b2ef7a66..433523a64f 100644 
--- a/modules/signal-r-service/signal-r/.test/common/main.test.bicep +++ b/modules/signal-r-service/signal-r/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/signal-r-service/signal-r/.test/min/main.test.bicep b/modules/signal-r-service/signal-r/.test/min/main.test.bicep index f262b7c91b..3f7d469ad1 100644 --- a/modules/signal-r-service/signal-r/.test/min/main.test.bicep +++ b/modules/signal-r-service/signal-r/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/signal-r-service/signal-r/README.md b/modules/signal-r-service/signal-r/README.md index 2f25ef7491..3a6b8ee2c8 100644 --- a/modules/signal-r-service/signal-r/README.md +++ b/modules/signal-r-service/signal-r/README.md @@ -5,10 +5,10 @@ This module deploys a SignalR Service SignalR. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
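Review bot: In the regenerated Service Fabric application-type README, `serviceFabricClusterName` stays under **Conditional parameters** in the summary table, but its new detail section reads `- Required: Yes`, which contradicts its own description ("Required if the template is used in a standalone deployment"). The Service Bus Namespace Topic Authorization Rule README in this patch shows the same for `namespaceName` and `topicName`. Suggest having the generator emit a distinct value for conditional parameters (for example `- Required: Conditional`) instead of `Yes`, so the per-parameter sections agree with the tables and readers deploying the module as a child resource are not told that a parent name is always mandatory.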
@@ -20,71 +20,28 @@ This module deploys a SignalR Service SignalR. | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | | `Microsoft.SignalRService/signalR` | [2022-02-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.SignalRService/2022-02-01/signalR) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the SignalR Service resource. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowedOrigins` | array | `[*]` | | The allowed origin settings of the resource. | -| `capacity` | int | `1` | | The unit count of the resource. | -| `clientCertEnabled` | bool | `False` | | Request client certificate during TLS handshake if enabled. | -| `disableAadAuth` | bool | `False` | | The disable Azure AD auth settings of the resource. | -| `disableLocalAuth` | bool | `True` | | The disable local auth settings of the resource. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `features` | array | `[System.Management.Automation.OrderedHashtable]` | | The features settings of the resource, `ServiceMode` is the only required feature. See https://learn.microsoft.com/en-us/azure/templates/microsoft.signalrservice/signalr?pivots=deployment-language-bicep#signalrfeature for more information. | -| `kind` | string | `'SignalR'` | `[RawWebSockets, SignalR]` | The kind of the service. | -| `liveTraceCatagoriesToEnable` | array | `[ConnectivityLogs, MessagingLogs]` | `[ConnectivityLogs, MessagingLogs]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | -| `location` | string | `[resourceGroup().location]` | | The location for the resource. 
| -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `networkAcls` | object | `{object}` | | Networks ACLs, this value contains IPs to allow and/or Subnet information. Can only be set if the 'SKU' is not 'Free_F1'. For security reasons, it is recommended to set the DefaultAction Deny. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `resourceLogConfigurationsToEnable` | array | `[ConnectivityLogs, MessagingLogs]` | `[ConnectivityLogs, MessagingLogs]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Standard_S1'` | `[Free_F1, Premium_P1, Premium_P2, Premium_P3, Standard_S1, Standard_S2, Standard_S3]` | The SKU of the service. | -| `tags` | object | `{object}` | | The tags of the resource. | -| `upstreamTemplatesToEnable` | array | `[]` | | Upstream templates to enable. For more information, see https://learn.microsoft.com/en-us/azure/templates/microsoft.signalrservice/2022-02-01/signalr?pivots=deployment-language-bicep#upstreamtemplate. 
| - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The SignalR name. | -| `resourceGroupName` | string | The SignalR resource group. | -| `resourceId` | string | The SignalR resource ID. | +## Usage examples -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/signal-r-service.signal-r:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module signalR './signal-r-service/signal-r/main.bicep' = { +module signalR 'br:bicep/modules/signal-r-service.signal-r:1.0.0' = { name: '${uniqueString(deployment().name)}-test-srssrcom' params: { // Required parameters @@ -268,14 +225,17 @@ module signalR './signal-r-service/signal-r/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module signalR './signal-r-service/signal-r/main.bicep' = { +module signalR 'br:bicep/modules/signal-r-service.signal-r:1.0.0' = { name: '${uniqueString(deployment().name)}-test-srsdrmin' params: { // Required parameters @@ -312,3 +272,199 @@ module signalR './signal-r-service/signal-r/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the SignalR Service resource. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowedOrigins`](#parameter-allowedorigins) | array | The allowed origin settings of the resource. | +| [`capacity`](#parameter-capacity) | int | The unit count of the resource. | +| [`clientCertEnabled`](#parameter-clientcertenabled) | bool | Request client certificate during TLS handshake if enabled. | +| [`disableAadAuth`](#parameter-disableaadauth) | bool | The disable Azure AD auth settings of the resource. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | The disable local auth settings of the resource. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`features`](#parameter-features) | array | The features settings of the resource, `ServiceMode` is the only required feature. See https://learn.microsoft.com/en-us/azure/templates/microsoft.signalrservice/signalr?pivots=deployment-language-bicep#signalrfeature for more information. | +| [`kind`](#parameter-kind) | string | The kind of the service. | +| [`liveTraceCatagoriesToEnable`](#parameter-livetracecatagoriestoenable) | array | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | +| [`location`](#parameter-location) | string | The location for the resource. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`networkAcls`](#parameter-networkacls) | object | Networks ACLs, this value contains IPs to allow and/or Subnet information. Can only be set if the 'SKU' is not 'Free_F1'. For security reasons, it is recommended to set the DefaultAction Deny. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. 
For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`resourceLogConfigurationsToEnable`](#parameter-resourcelogconfigurationstoenable) | array | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | The SKU of the service. | +| [`tags`](#parameter-tags) | object | The tags of the resource. | +| [`upstreamTemplatesToEnable`](#parameter-upstreamtemplatestoenable) | array | Upstream templates to enable. For more information, see https://learn.microsoft.com/en-us/azure/templates/microsoft.signalrservice/2022-02-01/signalr?pivots=deployment-language-bicep#upstreamtemplate. | + +### Parameter: `allowedOrigins` + +The allowed origin settings of the resource. +- Required: No +- Type: array +- Default: `[*]` + +### Parameter: `capacity` + +The unit count of the resource. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `clientCertEnabled` + +Request client certificate during TLS handshake if enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `disableAadAuth` + +The disable Azure AD auth settings of the resource. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `disableLocalAuth` + +The disable local auth settings of the resource. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `features` + +The features settings of the resource, `ServiceMode` is the only required feature. See https://learn.microsoft.com/en-us/azure/templates/microsoft.signalrservice/signalr?pivots=deployment-language-bicep#signalrfeature for more information. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `kind` + +The kind of the service. +- Required: No +- Type: string +- Default: `'SignalR'` +- Allowed: `[RawWebSockets, SignalR]` + +### Parameter: `liveTraceCatagoriesToEnable` + +Control permission for data plane traffic coming from public networks while private endpoint is enabled. +- Required: No +- Type: array +- Default: `[ConnectivityLogs, MessagingLogs]` +- Allowed: `[ConnectivityLogs, MessagingLogs]` + +### Parameter: `location` + +The location for the resource. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the SignalR Service resource. +- Required: Yes +- Type: string + +### Parameter: `networkAcls` + +Networks ACLs, this value contains IPs to allow and/or Subnet information. Can only be set if the 'SKU' is not 'Free_F1'. For security reasons, it is recommended to set the DefaultAction Deny. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `resourceLogConfigurationsToEnable` + +Control permission for data plane traffic coming from public networks while private endpoint is enabled. +- Required: No +- Type: array +- Default: `[ConnectivityLogs, MessagingLogs]` +- Allowed: `[ConnectivityLogs, MessagingLogs]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The SKU of the service. +- Required: No +- Type: string +- Default: `'Standard_S1'` +- Allowed: `[Free_F1, Premium_P1, Premium_P2, Premium_P3, Standard_S1, Standard_S2, Standard_S3]` + +### Parameter: `tags` + +The tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `upstreamTemplatesToEnable` + +Upstream templates to enable. For more information, see https://learn.microsoft.com/en-us/azure/templates/microsoft.signalrservice/2022-02-01/signalr?pivots=deployment-language-bicep#upstreamtemplate. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The SignalR name. | +| `resourceGroupName` | string | The SignalR resource group. 
| +| `resourceId` | string | The SignalR resource ID. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/signal-r-service/signal-r/main.json b/modules/signal-r-service/signal-r/main.json index 7362a1c79f..9936aee029 100644 --- a/modules/signal-r-service/signal-r/main.json +++ b/modules/signal-r-service/signal-r/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18397814531819646365" + "version": "0.22.6.54827", + "templateHash": "1694197592231434947" }, "name": "SignalR Service SignalR", "description": "This module deploys a SignalR Service SignalR.", @@ -319,8 +319,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -519,8 +519,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -657,8 +657,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { 
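Review bot: In the regenerated Parameters section of the signal-r README (hunk `@@ -312,3 +272,199 @@`), `liveTraceCatagoriesToEnable` and `resourceLogConfigurationsToEnable` both carry the description "Control permission for data plane traffic coming from public networks while private endpoint is enabled.", which describes a network setting and not the log categories listed under Allowed (`ConnectivityLogs`, `MessagingLogs`). The text is carried over unchanged from the removed table. Since this change regenerates the section anyway, correct the parameter descriptions in the module template so the README says what each parameter switches on. Two smaller points in the same section: the `features` default is rendered as `[System.Management.Automation.OrderedHashtable]`, a PowerShell type name instead of the value, so the reader cannot tell what the default is; and `allowedOrigins` defaults to `[*]` without comment, while `networkAcls`, `privateEndpoints` and `publicNetworkAccess` each state their security recommendation.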
@@ -871,8 +871,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7310613966426306151" + "version": "0.22.6.54827", + "templateHash": "15833181325335121682" } }, "parameters": { diff --git a/modules/signal-r-service/web-pub-sub/.test/common/main.test.bicep b/modules/signal-r-service/web-pub-sub/.test/common/main.test.bicep index 1e4498f8da..841d4abf2d 100644 --- a/modules/signal-r-service/web-pub-sub/.test/common/main.test.bicep +++ b/modules/signal-r-service/web-pub-sub/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/signal-r-service/web-pub-sub/.test/min/main.test.bicep b/modules/signal-r-service/web-pub-sub/.test/min/main.test.bicep index 229caafb2b..0afc1a7936 100644 --- a/modules/signal-r-service/web-pub-sub/.test/min/main.test.bicep +++ b/modules/signal-r-service/web-pub-sub/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/signal-r-service/web-pub-sub/README.md b/modules/signal-r-service/web-pub-sub/README.md index 2fdf5cb244..834852ff3f 100644 --- a/modules/signal-r-service/web-pub-sub/README.md +++ b/modules/signal-r-service/web-pub-sub/README.md @@ -5,10 +5,10 @@ This module deploys a SignalR Web PubSub Service. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
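Review bot: The `pe` test file for web-pub-sub appears to be missing the `metadata name` / `metadata description` pair that this change adds to `.test/common/main.test.bicep` and `.test/min/main.test.bicep`; no matching hunk for it is visible here. The regenerated README shows the effect: the list entry is `[Pe](#example-3-pe)` and the heading is `### Example 3: _Pe_`, with no description line under it, while examples 1 and 2 get a readable title and a sentence on what they deploy. Add both metadata statements to the `pe` test file and regenerate the README.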
@@ -20,72 +20,29 @@ This module deploys a SignalR Web PubSub Service. | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | | `Microsoft.SignalRService/webPubSub` | [2021-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.SignalRService/2021-10-01/webPubSub) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Web PubSub Service resource. | - -**Optional parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `capacity` | int | `1` | | The unit count of the resource. 1 by default. | -| `clientCertEnabled` | bool | `False` | | Request client certificate during TLS handshake if enabled. | -| `disableAadAuth` | bool | `False` | | When set as true, connection with AuthType=aad won't work. | -| `disableLocalAuth` | bool | `True` | | Disables all authentication methods other than AAD authentication. For security reasons, this value should be set to `true`. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | The location for the resource. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `networkAcls` | object | `{object}` | | Networks ACLs, this value contains IPs to allow and/or Subnet information. Can only be set if the 'SKU' is not 'Free_F1'. For security reasons, it is recommended to set the DefaultAction Deny. 
| -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `resourceLogConfigurationsToEnable` | array | `[ConnectivityLogs, MessagingLogs]` | `[ConnectivityLogs, MessagingLogs]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Standard_S1'` | `[Free_F1, Standard_S1]` | Pricing tier of the resource. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/signal-r-service.web-pub-sub:1.0.0`. -## Outputs +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +- [Pe](#example-3-pe) -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `externalIP` | string | The Web PubSub externalIP. 
| -| `hostName` | string | The Web PubSub hostName. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The Web PubSub name. | -| `publicPort` | int | The Web PubSub publicPort. | -| `resourceGroupName` | string | The Web PubSub resource group. | -| `resourceId` | string | The Web PubSub resource ID. | -| `serverPort` | int | The Web PubSub serverPort. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +### Example 1: _Using large parameter set_ -## Deployment examples +This instance deploys the module with most of its features enabled. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module webPubSub './signal-r-service/web-pub-sub/main.bicep' = { +module webPubSub 'br:bicep/modules/signal-r-service.web-pub-sub:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-srswpscom' params: { // Required parameters @@ -269,14 +226,17 @@ module webPubSub './signal-r-service/web-pub-sub/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module webPubSub './signal-r-service/web-pub-sub/main.bicep' = { +module webPubSub 'br:bicep/modules/signal-r-service.web-pub-sub:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-srswpsmin' params: { // Required parameters @@ -314,14 +274,14 @@ module webPubSub './signal-r-service/web-pub-sub/main.bicep' = {

-

Example 3: Pe

+### Example 3: _Pe_
via Bicep module ```bicep -module webPubSub './signal-r-service/web-pub-sub/main.bicep' = { +module webPubSub 'br:bicep/modules/signal-r-service.web-pub-sub:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-srswpspe' params: { // Required parameters @@ -408,3 +368,177 @@ module webPubSub './signal-r-service/web-pub-sub/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Web PubSub Service resource. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`capacity`](#parameter-capacity) | int | The unit count of the resource. 1 by default. | +| [`clientCertEnabled`](#parameter-clientcertenabled) | bool | Request client certificate during TLS handshake if enabled. | +| [`disableAadAuth`](#parameter-disableaadauth) | bool | When set as true, connection with AuthType=aad won't work. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Disables all authentication methods other than AAD authentication. For security reasons, this value should be set to `true`. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | The location for the resource. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`networkAcls`](#parameter-networkacls) | object | Networks ACLs, this value contains IPs to allow and/or Subnet information. Can only be set if the 'SKU' is not 'Free_F1'. For security reasons, it is recommended to set the DefaultAction Deny. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`resourceLogConfigurationsToEnable`](#parameter-resourcelogconfigurationstoenable) | array | Control permission for data plane traffic coming from public networks while private endpoint is enabled. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | Pricing tier of the resource. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `capacity` + +The unit count of the resource. 1 by default. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `clientCertEnabled` + +Request client certificate during TLS handshake if enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `disableAadAuth` + +When set as true, connection with AuthType=aad won't work. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `disableLocalAuth` + +Disables all authentication methods other than AAD authentication. For security reasons, this value should be set to `true`. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +The location for the resource. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Web PubSub Service resource. 
+- Required: Yes +- Type: string + +### Parameter: `networkAcls` + +Networks ACLs, this value contains IPs to allow and/or Subnet information. Can only be set if the 'SKU' is not 'Free_F1'. For security reasons, it is recommended to set the DefaultAction Deny. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `resourceLogConfigurationsToEnable` + +Control permission for data plane traffic coming from public networks while private endpoint is enabled. +- Required: No +- Type: array +- Default: `[ConnectivityLogs, MessagingLogs]` +- Allowed: `[ConnectivityLogs, MessagingLogs]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +Pricing tier of the resource. +- Required: No +- Type: string +- Default: `'Standard_S1'` +- Allowed: `[Free_F1, Standard_S1]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `externalIP` | string | The Web PubSub externalIP. | +| `hostName` | string | The Web PubSub hostName. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The Web PubSub name. | +| `publicPort` | int | The Web PubSub publicPort. | +| `resourceGroupName` | string | The Web PubSub resource group. | +| `resourceId` | string | The Web PubSub resource ID. | +| `serverPort` | int | The Web PubSub serverPort. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/signal-r-service/web-pub-sub/main.json b/modules/signal-r-service/web-pub-sub/main.json index c4d4b11904..ac949dffda 100644 --- a/modules/signal-r-service/web-pub-sub/main.json +++ b/modules/signal-r-service/web-pub-sub/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10139309088616173208" + "version": "0.22.6.54827", + "templateHash": "16709379153478427185" }, "name": "SignalR Web PubSub Services", "description": "This module deploys a SignalR Web PubSub Service.", @@ -266,8 +266,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", 
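Review bot: The note added to the Usage examples section of the web-pub-sub README, "To reference the module, please use the following syntax `br:bicep/modules/signal-r-service.web-pub-sub:1.0.0`", and the three examples rewritten to that reference, put `bicep` where a `br:` reference takes the registry's host name and pin a fixed `1.0.0` tag. An example copied as shown does not resolve until the reader substitutes their own registry, and the previous relative path `./signal-r-service/web-pub-sub/main.bicep` did not have that problem. State in the note that the registry name and version are placeholders, to be replaced with the registry the module was published to and a version that exists there. The signal-r README carries the same wording with `br:bicep/modules/signal-r-service.signal-r:1.0.0`.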
@@ -466,8 +466,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -604,8 +604,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -818,8 +818,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6690413318542204402" + "version": "0.22.6.54827", + "templateHash": "2385173204571615101" } }, "parameters": { diff --git a/modules/sql/managed-instance/.test/common/main.test.bicep b/modules/sql/managed-instance/.test/common/main.test.bicep index 954bb2175c..f13416a55e 100644 --- a/modules/sql/managed-instance/.test/common/main.test.bicep +++ b/modules/sql/managed-instance/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/sql/managed-instance/.test/min/main.test.bicep b/modules/sql/managed-instance/.test/min/main.test.bicep index 0602f61a0b..0c9d4bbe75 100644 --- a/modules/sql/managed-instance/.test/min/main.test.bicep +++ b/modules/sql/managed-instance/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/sql/managed-instance/README.md b/modules/sql/managed-instance/README.md index cb696de727..8fcdbe6649 100644 
--- a/modules/sql/managed-instance/README.md +++ b/modules/sql/managed-instance/README.md @@ -4,14 +4,14 @@ This module deploys a SQL Managed Instance. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -28,97 +28,29 @@ This module deploys a SQL Managed Instance. | `Microsoft.Sql/managedInstances/securityAlertPolicies` | [2022-02-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/managedInstances/securityAlertPolicies) | | `Microsoft.Sql/managedInstances/vulnerabilityAssessments` | [2022-02-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/managedInstances/vulnerabilityAssessments) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `administratorLogin` | string | The username used to establish jumpbox VMs. | -| `administratorLoginPassword` | securestring | The password given to the admin user. | -| `name` | string | The name of the SQL managed instance. | -| `subnetId` | string | The fully qualified resource ID of the subnet on which the SQL managed instance will be placed. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `primaryUserAssignedIdentityId` | string | `''` | The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty. | +## Usage examples -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `administratorsObj` | object | `{object}` | | The administrator configuration. | -| `collation` | string | `'SQL_Latin1_General_CP1_CI_AS'` | | Collation of the managed instance. | -| `databases` | array | `[]` | | Databases to create in this server. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. 
Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ResourceUsageStats, SQLSecurityAuditEvents]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `dnsZonePartner` | string | `''` | | The resource ID of another managed instance whose DNS zone this managed instance will share after creation. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `encryptionProtectorObj` | _[encryptionProtector](encryption-protector/README.md)_ object | `{object}` | | The encryption protection configuration. | -| `hardwareFamily` | string | `'Gen5'` | | If the service has different generations of hardware, for the same SKU, then that can be captured here. | -| `instancePoolResourceId` | string | `''` | | The resource ID of the instance pool this managed server belongs to. | -| `keys` | array | `[]` | | The keys to configure. | -| `licenseType` | string | `'LicenseIncluded'` | `[BasePrice, LicenseIncluded]` | The license type. Possible values are 'LicenseIncluded' (regular price inclusive of a new SQL license) and 'BasePrice' (discounted AHB price for bringing your own SQL licenses). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. 
| -| `managedInstanceCreateMode` | string | `'Default'` | `[Default, PointInTimeRestore]` | Specifies the mode of database creation. Default: Regular instance creation. Restore: Creates an instance by restoring a set of backups to specific point in time. RestorePointInTime and SourceManagedInstanceId must be specified. | -| `minimalTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2, None]` | Minimal TLS version allowed. | -| `proxyOverride` | string | `'Proxy'` | `[Default, Proxy, Redirect]` | Connection type used for connecting to the instance. | -| `publicDataEndpointEnabled` | bool | `False` | | Whether or not the public data endpoint is enabled. | -| `requestedBackupStorageRedundancy` | string | `'Geo'` | `[Geo, GeoZone, Local, Zone]` | The storage account type used to store backups for this database. | -| `restorePointInTime` | string | `''` | | Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `securityAlertPoliciesObj` | object | `{object}` | | The security alert policy configuration. | -| `servicePrincipal` | string | `'None'` | `[None, SystemAssigned]` | Service principal type. If using AD Authentication and applying Admin, must be set to `SystemAssigned`. Then Global Admin must allow Reader access to Azure AD for the Service Principal. | -| `skuName` | string | `'GP_Gen5'` | | The name of the SKU, typically, a letter + Number code, e.g. P3. | -| `skuTier` | string | `'GeneralPurpose'` | | The tier or edition of the particular SKU, e.g. Basic, Premium. 
| -| `sourceManagedInstanceId` | string | `''` | | The resource identifier of the source managed instance associated with create operation of this instance. | -| `storageSizeInGB` | int | `32` | | Storage size in GB. Minimum value: 32. Maximum value: 8192. Increments of 32 GB allowed only. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `timezoneId` | string | `'UTC'` | | ID of the timezone. Allowed values are timezones supported by Windows. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `vCores` | int | `4` | | The number of vCores. Allowed values: 8, 16, 24, 32, 40, 64, 80. | -| `vulnerabilityAssessmentsObj` | object | `{object}` | | The vulnerability assessment configuration. | -| `zoneRedundant` | bool | `False` | | Whether or not multi-az is enabled. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed managed instance. | -| `resourceGroupName` | string | The resource group of the deployed managed instance. | -| `resourceId` | string | The resource ID of the deployed managed instance. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/sql.managed-instance:1.0.0`. 
-## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +- [Vulnassm](#example-3-vulnassm) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module managedInstance './sql/managed-instance/main.bicep' = { +module managedInstance 'br:bicep/modules/sql.managed-instance:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sqlmicom' params: { // Required parameters @@ -362,14 +294,17 @@ module managedInstance './sql/managed-instance/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module managedInstance './sql/managed-instance/main.bicep' = { +module managedInstance 'br:bicep/modules/sql.managed-instance:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sqlmimin' params: { // Required parameters @@ -419,14 +354,14 @@ module managedInstance './sql/managed-instance/main.bicep' = {

-

Example 3: Vulnassm

+### Example 3: _Vulnassm_
via Bicep module ```bicep -module managedInstance './sql/managed-instance/main.bicep' = { +module managedInstance 'br:bicep/modules/sql.managed-instance:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sqlmivln' params: { // Required parameters @@ -529,6 +464,395 @@ module managedInstance './sql/managed-instance/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`administratorLogin`](#parameter-administratorlogin) | string | The username used to establish jumpbox VMs. | +| [`administratorLoginPassword`](#parameter-administratorloginpassword) | securestring | The password given to the admin user. | +| [`name`](#parameter-name) | string | The name of the SQL managed instance. | +| [`subnetId`](#parameter-subnetid) | string | The fully qualified resource ID of the subnet on which the SQL managed instance will be placed. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`primaryUserAssignedIdentityId`](#parameter-primaryuserassignedidentityid) | string | The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`administratorsObj`](#parameter-administratorsobj) | object | The administrator configuration. | +| [`collation`](#parameter-collation) | string | Collation of the managed instance. | +| [`databases`](#parameter-databases) | array | Databases to create in this server. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
| +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`dnsZonePartner`](#parameter-dnszonepartner) | string | The resource ID of another managed instance whose DNS zone this managed instance will share after creation. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`encryptionProtectorObj`](#parameter-encryptionprotectorobj) | object | The encryption protection configuration. | +| [`hardwareFamily`](#parameter-hardwarefamily) | string | If the service has different generations of hardware, for the same SKU, then that can be captured here. | +| [`instancePoolResourceId`](#parameter-instancepoolresourceid) | string | The resource ID of the instance pool this managed server belongs to. | +| [`keys`](#parameter-keys) | array | The keys to configure. | +| [`licenseType`](#parameter-licensetype) | string | The license type. Possible values are 'LicenseIncluded' (regular price inclusive of a new SQL license) and 'BasePrice' (discounted AHB price for bringing your own SQL licenses). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managedInstanceCreateMode`](#parameter-managedinstancecreatemode) | string | Specifies the mode of database creation. Default: Regular instance creation. Restore: Creates an instance by restoring a set of backups to specific point in time. 
RestorePointInTime and SourceManagedInstanceId must be specified. | +| [`minimalTlsVersion`](#parameter-minimaltlsversion) | string | Minimal TLS version allowed. | +| [`proxyOverride`](#parameter-proxyoverride) | string | Connection type used for connecting to the instance. | +| [`publicDataEndpointEnabled`](#parameter-publicdataendpointenabled) | bool | Whether or not the public data endpoint is enabled. | +| [`requestedBackupStorageRedundancy`](#parameter-requestedbackupstorageredundancy) | string | The storage account type used to store backups for this database. | +| [`restorePointInTime`](#parameter-restorepointintime) | string | Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`securityAlertPoliciesObj`](#parameter-securityalertpoliciesobj) | object | The security alert policy configuration. | +| [`servicePrincipal`](#parameter-serviceprincipal) | string | Service principal type. If using AD Authentication and applying Admin, must be set to `SystemAssigned`. Then Global Admin must allow Reader access to Azure AD for the Service Principal. | +| [`skuName`](#parameter-skuname) | string | The name of the SKU, typically, a letter + Number code, e.g. P3. | +| [`skuTier`](#parameter-skutier) | string | The tier or edition of the particular SKU, e.g. Basic, Premium. 
| +| [`sourceManagedInstanceId`](#parameter-sourcemanagedinstanceid) | string | The resource identifier of the source managed instance associated with create operation of this instance. | +| [`storageSizeInGB`](#parameter-storagesizeingb) | int | Storage size in GB. Minimum value: 32. Maximum value: 8192. Increments of 32 GB allowed only. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`timezoneId`](#parameter-timezoneid) | string | ID of the timezone. Allowed values are timezones supported by Windows. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`vCores`](#parameter-vcores) | int | The number of vCores. Allowed values: 8, 16, 24, 32, 40, 64, 80. | +| [`vulnerabilityAssessmentsObj`](#parameter-vulnerabilityassessmentsobj) | object | The vulnerability assessment configuration. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | Whether or not multi-az is enabled. | + +### Parameter: `administratorLogin` + +The username used to establish jumpbox VMs. +- Required: Yes +- Type: string + +### Parameter: `administratorLoginPassword` + +The password given to the admin user. +- Required: Yes +- Type: securestring + +### Parameter: `administratorsObj` + +The administrator configuration. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `collation` + +Collation of the managed instance. +- Required: No +- Type: string +- Default: `'SQL_Latin1_General_CP1_CI_AS'` + +### Parameter: `databases` + +Databases to create in this server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ResourceUsageStats, SQLSecurityAuditEvents]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dnsZonePartner` + +The resource ID of another managed instance whose DNS zone this managed instance will share after creation. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `encryptionProtectorObj` + +The encryption protection configuration. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `hardwareFamily` + +If the service has different generations of hardware, for the same SKU, then that can be captured here. 
+- Required: No +- Type: string +- Default: `'Gen5'` + +### Parameter: `instancePoolResourceId` + +The resource ID of the instance pool this managed server belongs to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `keys` + +The keys to configure. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `licenseType` + +The license type. Possible values are 'LicenseIncluded' (regular price inclusive of a new SQL license) and 'BasePrice' (discounted AHB price for bringing your own SQL licenses). +- Required: No +- Type: string +- Default: `'LicenseIncluded'` +- Allowed: `[BasePrice, LicenseIncluded]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managedInstanceCreateMode` + +Specifies the mode of database creation. Default: Regular instance creation. Restore: Creates an instance by restoring a set of backups to specific point in time. RestorePointInTime and SourceManagedInstanceId must be specified. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, PointInTimeRestore]` + +### Parameter: `minimalTlsVersion` + +Minimal TLS version allowed. +- Required: No +- Type: string +- Default: `'1.2'` +- Allowed: `[1.0, 1.1, 1.2, None]` + +### Parameter: `name` + +The name of the SQL managed instance. +- Required: Yes +- Type: string + +### Parameter: `primaryUserAssignedIdentityId` + +The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `proxyOverride` + +Connection type used for connecting to the instance. 
+- Required: No +- Type: string +- Default: `'Proxy'` +- Allowed: `[Default, Proxy, Redirect]` + +### Parameter: `publicDataEndpointEnabled` + +Whether or not the public data endpoint is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `requestedBackupStorageRedundancy` + +The storage account type used to store backups for this database. +- Required: No +- Type: string +- Default: `'Geo'` +- Allowed: `[Geo, GeoZone, Local, Zone]` + +### Parameter: `restorePointInTime` + +Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `securityAlertPoliciesObj` + +The security alert policy configuration. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `servicePrincipal` + +Service principal type. If using AD Authentication and applying Admin, must be set to `SystemAssigned`. Then Global Admin must allow Reader access to Azure AD for the Service Principal. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[None, SystemAssigned]` + +### Parameter: `skuName` + +The name of the SKU, typically, a letter + Number code, e.g. P3. +- Required: No +- Type: string +- Default: `'GP_Gen5'` + +### Parameter: `skuTier` + +The tier or edition of the particular SKU, e.g. Basic, Premium. 
+- Required: No +- Type: string +- Default: `'GeneralPurpose'` + +### Parameter: `sourceManagedInstanceId` + +The resource identifier of the source managed instance associated with create operation of this instance. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageSizeInGB` + +Storage size in GB. Minimum value: 32. Maximum value: 8192. Increments of 32 GB allowed only. +- Required: No +- Type: int +- Default: `32` + +### Parameter: `subnetId` + +The fully qualified resource ID of the subnet on which the SQL managed instance will be placed. +- Required: Yes +- Type: string + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `timezoneId` + +ID of the timezone. Allowed values are timezones supported by Windows. +- Required: No +- Type: string +- Default: `'UTC'` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vCores` + +The number of vCores. Allowed values: 8, 16, 24, 32, 40, 64, 80. +- Required: No +- Type: int +- Default: `4` + +### Parameter: `vulnerabilityAssessmentsObj` + +The vulnerability assessment configuration. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundant` + +Whether or not multi-az is enabled. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed managed instance. | +| `resourceGroupName` | string | The resource group of the deployed managed instance. | +| `resourceId` | string | The resource ID of the deployed managed instance. 
| +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ + ## Notes ### Considerations diff --git a/modules/sql/managed-instance/administrator/README.md b/modules/sql/managed-instance/administrator/README.md index 83e221d3f0..e14642b81c 100644 --- a/modules/sql/managed-instance/administrator/README.md +++ b/modules/sql/managed-instance/administrator/README.md 
@@ -19,28 +19,60 @@ This module deploys a SQL Managed Instance Administrator. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `login` | string | Login name of the managed instance administrator. | -| `sid` | string | SID (object ID) of the managed instance administrator. | +| [`login`](#parameter-login) | string | Login name of the managed instance administrator. | +| [`sid`](#parameter-sid) | string | SID (object ID) of the managed instance administrator. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `managedInstanceName` | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | +| [`managedInstanceName`](#parameter-managedinstancename) | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `tenantId` | string | `''` | Tenant ID of the managed instance administrator. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`tenantId`](#parameter-tenantid) | string | Tenant ID of the managed instance administrator. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `login` + +Login name of the managed instance administrator. +- Required: Yes +- Type: string + +### Parameter: `managedInstanceName` + +The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `sid` + +SID (object ID) of the managed instance administrator. +- Required: Yes +- Type: string + +### Parameter: `tenantId` + +Tenant ID of the managed instance administrator. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed managed instance administrator. | | `resourceGroupName` | string | The resource group of the deployed managed instance administrator. | diff --git a/modules/sql/managed-instance/administrator/main.json b/modules/sql/managed-instance/administrator/main.json index 14523f5dc5..57f5b1407f 100644 --- a/modules/sql/managed-instance/administrator/main.json +++ b/modules/sql/managed-instance/administrator/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "94742246961044490" + "version": "0.22.6.54827", + "templateHash": "15854210755739319953" }, "name": "SQL Managed Instances Administrator", "description": "This module deploys a SQL Managed Instance Administrator.", diff --git a/modules/sql/managed-instance/database/README.md b/modules/sql/managed-instance/database/README.md index c052ef6853..a4c70e1c9a 100644 --- a/modules/sql/managed-instance/database/README.md +++ b/modules/sql/managed-instance/database/README.md @@ -4,12 +4,12 @@ This module deploys a SQL Managed Instance Database. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
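Review bot: In the `## Parameters` hunk of modules/sql/managed-instance/README.md (`@@ -529,6 +464,395 @@`), two of the new per-parameter sections contradict their own generated bullets. `vCores` says "Allowed values: 8, 16, 24, 32, 40, 64, 80" but lists `Default: 4`, and `managedInstanceCreateMode` describes a "Restore" mode while `Allowed` is `[Default, PointInTimeRestore]`. The old table carried the same text, but with description and default now printed on adjacent lines the mismatch is much more visible. Since the ReadMe is generated, the fix belongs in the parameter descriptions of the module template, followed by a regeneration.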
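Review bot: In modules/sql/managed-instance/administrator/README.md, `managedInstanceName` sits in the Conditional parameters table ("Required if the template is used in a standalone deployment"), yet its new `### Parameter: managedInstanceName` section states `Required: Yes`. The conditional parameter `primaryUserAssignedIdentityId` in the managed-instance README is rendered as `Required: No`, so the generated value appears to follow only whether a default exists and a reader cannot tell that the requirement is conditional. Suggest that the generator either omit the `Required` bullet for conditional parameters or emit a distinct value that points to the condition in the description.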
@@ -23,47 +23,216 @@ This module deploys a SQL Managed Instance Database. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the SQL managed instance database. | +| [`name`](#parameter-name) | string | The name of the SQL managed instance database. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `longTermRetentionBackupResourceId` | string | `''` | The resource ID of the Long Term Retention backup to be used for restore of this managed database. Required if createMode is RestoreLongTermRetentionBackup. | -| `managedInstanceName` | string | | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | -| `recoverableDatabaseId` | string | `''` | The resource identifier of the recoverable database associated with create operation of this database. Required if createMode is Recovery. | -| `restorePointInTime` | string | `''` | Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. Required if createMode is PointInTimeRestore. | -| `sourceDatabaseId` | string | `''` | The resource identifier of the source database associated with create operation of this database. Required if createMode is PointInTimeRestore. | -| `storageContainerSasToken` | string | `''` | Specifies the storage container sas token. Required if createMode is RestoreExternalBackup. | -| `storageContainerUri` | string | `''` | Specifies the uri of the storage container where backups for this restore are stored. Required if createMode is RestoreExternalBackup. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`longTermRetentionBackupResourceId`](#parameter-longtermretentionbackupresourceid) | string | The resource ID of the Long Term Retention backup to be used for restore of this managed database. 
Required if createMode is RestoreLongTermRetentionBackup. | +| [`managedInstanceName`](#parameter-managedinstancename) | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | +| [`recoverableDatabaseId`](#parameter-recoverabledatabaseid) | string | The resource identifier of the recoverable database associated with create operation of this database. Required if createMode is Recovery. | +| [`restorePointInTime`](#parameter-restorepointintime) | string | Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. Required if createMode is PointInTimeRestore. | +| [`sourceDatabaseId`](#parameter-sourcedatabaseid) | string | The resource identifier of the source database associated with create operation of this database. Required if createMode is PointInTimeRestore. | +| [`storageContainerSasToken`](#parameter-storagecontainersastoken) | string | Specifies the storage container sas token. Required if createMode is RestoreExternalBackup. | +| [`storageContainerUri`](#parameter-storagecontaineruri) | string | Specifies the uri of the storage container where backups for this restore are stored. Required if createMode is RestoreExternalBackup. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `backupLongTermRetentionPoliciesObj` | object | `{object}` | | The configuration for the backup long term retention policy definition. | -| `backupShortTermRetentionPoliciesObj` | object | `{object}` | | The configuration for the backup short term retention policy definition. | -| `catalogCollation` | string | `'SQL_Latin1_General_CP1_CI_AS'` | | Collation of the managed instance. | -| `collation` | string | `'SQL_Latin1_General_CP1_CI_AS'` | | Collation of the managed instance database. 
| -| `createMode` | string | `'Default'` | `[Default, PointInTimeRestore, Recovery, RestoreExternalBackup, RestoreLongTermRetentionBackup]` | Managed database create mode. PointInTimeRestore: Create a database by restoring a point in time backup of an existing database. SourceDatabaseName, SourceManagedInstanceName and PointInTime must be specified. RestoreExternalBackup: Create a database by restoring from external backup files. Collation, StorageContainerUri and StorageContainerSasToken must be specified. Recovery: Creates a database by restoring a geo-replicated backup. RecoverableDatabaseId must be specified as the recoverable database resource ID to restore. RestoreLongTermRetentionBackup: Create a database by restoring from a long term retention backup (longTermRetentionBackupResourceId required). | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Errors, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, SQLInsights]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `restorableDroppedDatabaseId` | string | `''` | | The restorable dropped database resource ID to restore when creating this database. | -| `tags` | object | `{object}` | | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`backupLongTermRetentionPoliciesObj`](#parameter-backuplongtermretentionpoliciesobj) | object | The configuration for the backup long term retention policy definition. | +| [`backupShortTermRetentionPoliciesObj`](#parameter-backupshorttermretentionpoliciesobj) | object | The configuration for the backup short term retention policy definition. | +| [`catalogCollation`](#parameter-catalogcollation) | string | Collation of the managed instance. | +| [`collation`](#parameter-collation) | string | Collation of the managed instance database. | +| [`createMode`](#parameter-createmode) | string | Managed database create mode. PointInTimeRestore: Create a database by restoring a point in time backup of an existing database. SourceDatabaseName, SourceManagedInstanceName and PointInTime must be specified. RestoreExternalBackup: Create a database by restoring from external backup files. Collation, StorageContainerUri and StorageContainerSasToken must be specified. Recovery: Creates a database by restoring a geo-replicated backup. RecoverableDatabaseId must be specified as the recoverable database resource ID to restore. RestoreLongTermRetentionBackup: Create a database by restoring from a long term retention backup (longTermRetentionBackupResourceId required). | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`restorableDroppedDatabaseId`](#parameter-restorabledroppeddatabaseid) | string | The restorable dropped database resource ID to restore when creating this database. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `backupLongTermRetentionPoliciesObj` + +The configuration for the backup long term retention policy definition. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `backupShortTermRetentionPoliciesObj` + +The configuration for the backup short term retention policy definition. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `catalogCollation` + +Collation of the managed instance. 
+- Required: No +- Type: string +- Default: `'SQL_Latin1_General_CP1_CI_AS'` + +### Parameter: `collation` + +Collation of the managed instance database. +- Required: No +- Type: string +- Default: `'SQL_Latin1_General_CP1_CI_AS'` + +### Parameter: `createMode` + +Managed database create mode. PointInTimeRestore: Create a database by restoring a point in time backup of an existing database. SourceDatabaseName, SourceManagedInstanceName and PointInTime must be specified. RestoreExternalBackup: Create a database by restoring from external backup files. Collation, StorageContainerUri and StorageContainerSasToken must be specified. Recovery: Creates a database by restoring a geo-replicated backup. RecoverableDatabaseId must be specified as the recoverable database resource ID to restore. RestoreLongTermRetentionBackup: Create a database by restoring from a long term retention backup (longTermRetentionBackupResourceId required). +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, PointInTimeRestore, Recovery, RestoreExternalBackup, RestoreLongTermRetentionBackup]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
+- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Errors, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, SQLInsights]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `longTermRetentionBackupResourceId` + +The resource ID of the Long Term Retention backup to be used for restore of this managed database. Required if createMode is RestoreLongTermRetentionBackup. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `managedInstanceName` + +The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the SQL managed instance database. +- Required: Yes +- Type: string + +### Parameter: `recoverableDatabaseId` + +The resource identifier of the recoverable database associated with create operation of this database. Required if createMode is Recovery. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `restorableDroppedDatabaseId` + +The restorable dropped database resource ID to restore when creating this database. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `restorePointInTime` + +Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. Required if createMode is PointInTimeRestore. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourceDatabaseId` + +The resource identifier of the source database associated with create operation of this database. Required if createMode is PointInTimeRestore. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageContainerSasToken` + +Specifies the storage container sas token. Required if createMode is RestoreExternalBackup. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageContainerUri` + +Specifies the uri of the storage container where backups for this restore are stored. Required if createMode is RestoreExternalBackup. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed database. | diff --git a/modules/sql/managed-instance/database/backup-long-term-retention-policy/README.md b/modules/sql/managed-instance/database/backup-long-term-retention-policy/README.md index 36d9e86feb..287c3fbaf2 100644 --- a/modules/sql/managed-instance/database/backup-long-term-retention-policy/README.md +++ b/modules/sql/managed-instance/database/backup-long-term-retention-policy/README.md 
@@ -19,31 +19,84 @@ This module deploys a SQL Managed Instance Database Backup Long-Term Retention P **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the Long Term Retention backup policy. For example "default". | +| [`name`](#parameter-name) | string | The name of the Long Term Retention backup policy. For example "default". | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseName` | string | The name of the parent managed instance database. Required if the template is used in a standalone deployment. | -| `managedInstanceName` | string | The name of the parent managed instance. Required if the template is used in a standalone deployment. | +| [`databaseName`](#parameter-databasename) | string | The name of the parent managed instance database. Required if the template is used in a standalone deployment. | +| [`managedInstanceName`](#parameter-managedinstancename) | string | The name of the parent managed instance. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `monthlyRetention` | string | `'P1Y'` | The monthly retention policy for an LTR backup in an ISO 8601 format. | -| `weeklyRetention` | string | `'P1M'` | The weekly retention policy for an LTR backup in an ISO 8601 format. | -| `weekOfYear` | int | `5` | The week of year to take the yearly backup in an ISO 8601 format. | -| `yearlyRetention` | string | `'P5Y'` | The yearly retention policy for an LTR backup in an ISO 8601 format. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`monthlyRetention`](#parameter-monthlyretention) | string | The monthly retention policy for an LTR backup in an ISO 8601 format. | +| [`weeklyRetention`](#parameter-weeklyretention) | string | The weekly retention policy for an LTR backup in an ISO 8601 format. | +| [`weekOfYear`](#parameter-weekofyear) | int | The week of year to take the yearly backup in an ISO 8601 format. | +| [`yearlyRetention`](#parameter-yearlyretention) | string | The yearly retention policy for an LTR backup in an ISO 8601 format. | + +### Parameter: `databaseName` + +The name of the parent managed instance database. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `managedInstanceName` + +The name of the parent managed instance. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `monthlyRetention` + +The monthly retention policy for an LTR backup in an ISO 8601 format. +- Required: No +- Type: string +- Default: `'P1Y'` + +### Parameter: `name` + +The name of the Long Term Retention backup policy. For example "default". +- Required: Yes +- Type: string + +### Parameter: `weeklyRetention` + +The weekly retention policy for an LTR backup in an ISO 8601 format. +- Required: No +- Type: string +- Default: `'P1M'` + +### Parameter: `weekOfYear` + +The week of year to take the yearly backup in an ISO 8601 format. +- Required: No +- Type: int +- Default: `5` + +### Parameter: `yearlyRetention` + +The yearly retention policy for an LTR backup in an ISO 8601 format. 
+- Required: No +- Type: string +- Default: `'P5Y'` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed database backup long-term retention policy. | | `resourceGroupName` | string | The resource group of the deployed database backup long-term retention policy. | diff --git a/modules/sql/managed-instance/database/backup-long-term-retention-policy/main.json b/modules/sql/managed-instance/database/backup-long-term-retention-policy/main.json index 46881cf93b..f5ed047237 100644 --- a/modules/sql/managed-instance/database/backup-long-term-retention-policy/main.json +++ b/modules/sql/managed-instance/database/backup-long-term-retention-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18038719600656297152" + "version": "0.22.6.54827", + "templateHash": "15408301285980793830" }, "name": "SQL Managed Instance Database Backup Long-Term Retention Policies", "description": "This module deploys a SQL Managed Instance Database Backup Long-Term Retention Policy.", diff --git a/modules/sql/managed-instance/database/backup-short-term-retention-policy/README.md b/modules/sql/managed-instance/database/backup-short-term-retention-policy/README.md index 71a5b6b63b..7b228f8d1f 100644 --- a/modules/sql/managed-instance/database/backup-short-term-retention-policy/README.md +++ b/modules/sql/managed-instance/database/backup-short-term-retention-policy/README.md 
@@ -19,28 +19,60 @@ This module deploys a SQL Managed Instance Database Backup Short-Term Retention **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the Short Term Retention backup policy. For example "default". | +| [`name`](#parameter-name) | string | The name of the Short Term Retention backup policy. For example "default". | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseName` | string | The name of the parent SQL managed instance database. Required if the template is used in a standalone deployment. | -| `managedInstanceName` | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | +| [`databaseName`](#parameter-databasename) | string | The name of the parent SQL managed instance database. Required if the template is used in a standalone deployment. | +| [`managedInstanceName`](#parameter-managedinstancename) | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `retentionDays` | int | `35` | The backup retention period in days. This is how many days Point-in-Time Restore will be supported. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`retentionDays`](#parameter-retentiondays) | int | The backup retention period in days. This is how many days Point-in-Time Restore will be supported. | + +### Parameter: `databaseName` + +The name of the parent SQL managed instance database. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `managedInstanceName` + +The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the Short Term Retention backup policy. For example "default". +- Required: Yes +- Type: string + +### Parameter: `retentionDays` + +The backup retention period in days. This is how many days Point-in-Time Restore will be supported. +- Required: No +- Type: int +- Default: `35` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed database backup short-term retention policy. | | `resourceGroupName` | string | The resource group of the deployed database backup short-term retention policy. | diff --git a/modules/sql/managed-instance/database/backup-short-term-retention-policy/main.json b/modules/sql/managed-instance/database/backup-short-term-retention-policy/main.json index 34f3bffae7..ea00e3c99f 100644 --- a/modules/sql/managed-instance/database/backup-short-term-retention-policy/main.json +++ b/modules/sql/managed-instance/database/backup-short-term-retention-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6931213919610871740" + "version": "0.22.6.54827", + "templateHash": "14876398050931373256" }, "name": "SQL Managed Instance Database Backup Short-Term Retention Policies", "description": "This module deploys a SQL Managed Instance Database Backup Short-Term Retention Policy.", diff --git a/modules/sql/managed-instance/database/main.json b/modules/sql/managed-instance/database/main.json index 03c72318d8..3b07ade1a8 100644 
--- a/modules/sql/managed-instance/database/main.json +++ b/modules/sql/managed-instance/database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7819487658736647657" + "version": "0.22.6.54827", + "templateHash": "17690558463959058243" }, "name": "SQL Managed Instance Databases", "description": "This module deploys a SQL Managed Instance Database.", @@ -311,8 +311,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6931213919610871740" + "version": "0.22.6.54827", + "templateHash": "14876398050931373256" }, "name": "SQL Managed Instance Database Backup Short-Term Retention Policies", "description": "This module deploys a SQL Managed Instance Database Backup Short-Term Retention Policy.", @@ -439,8 +439,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18038719600656297152" + "version": "0.22.6.54827", + "templateHash": "15408301285980793830" }, "name": "SQL Managed Instance Database Backup Long-Term Retention Policies", "description": "This module deploys a SQL Managed Instance Database Backup Long-Term Retention Policy.", diff --git a/modules/sql/managed-instance/encryption-protector/README.md b/modules/sql/managed-instance/encryption-protector/README.md index 88ce6e7f11..47e58ba01b 100644 --- a/modules/sql/managed-instance/encryption-protector/README.md +++ b/modules/sql/managed-instance/encryption-protector/README.md 
@@ -19,28 +19,62 @@ This module deploys a SQL Managed Instance Encryption Protector. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `serverKeyName` | string | The name of the SQL managed instance key. | +| [`serverKeyName`](#parameter-serverkeyname) | string | The name of the SQL managed instance key. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `managedInstanceName` | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | +| [`managedInstanceName`](#parameter-managedinstancename) | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `autoRotationEnabled` | bool | `False` | | Key auto rotation opt-in flag. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `serverKeyType` | string | `'ServiceManaged'` | `[AzureKeyVault, ServiceManaged]` | The encryption protector type like "ServiceManaged", "AzureKeyVault". | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoRotationEnabled`](#parameter-autorotationenabled) | bool | Key auto rotation opt-in flag. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`serverKeyType`](#parameter-serverkeytype) | string | The encryption protector type like "ServiceManaged", "AzureKeyVault". | + +### Parameter: `autoRotationEnabled` + +Key auto rotation opt-in flag. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `managedInstanceName` + +The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `serverKeyName` + +The name of the SQL managed instance key. +- Required: Yes +- Type: string + +### Parameter: `serverKeyType` + +The encryption protector type like "ServiceManaged", "AzureKeyVault". +- Required: No +- Type: string +- Default: `'ServiceManaged'` +- Allowed: `[AzureKeyVault, ServiceManaged]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed managed instance encryption protector. | | `resourceGroupName` | string | The resource group of the deployed managed instance encryption protector. | diff --git a/modules/sql/managed-instance/encryption-protector/main.json b/modules/sql/managed-instance/encryption-protector/main.json index cc7d2dae7a..ca49af4351 100644 --- a/modules/sql/managed-instance/encryption-protector/main.json +++ b/modules/sql/managed-instance/encryption-protector/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3596420230929102349" + "version": "0.22.6.54827", + "templateHash": "8970010319946939362" }, "name": "SQL Managed Instance Encryption Protector", "description": "This module deploys a SQL Managed Instance Encryption Protector.", diff --git a/modules/sql/managed-instance/key/README.md b/modules/sql/managed-instance/key/README.md index f429556832..139793834e 100644 --- a/modules/sql/managed-instance/key/README.md +++ b/modules/sql/managed-instance/key/README.md 
@@ -19,28 +19,62 @@ This module deploys a SQL Managed Instance Key. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the key. Must follow the [__] pattern. | +| [`name`](#parameter-name) | string | The name of the key. Must follow the [__] pattern. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `managedInstanceName` | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | +| [`managedInstanceName`](#parameter-managedinstancename) | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `serverKeyType` | string | `'ServiceManaged'` | `[AzureKeyVault, ServiceManaged]` | The encryption protector type like "ServiceManaged", "AzureKeyVault". | -| `uri` | string | `''` | | The URI of the key. If the ServerKeyType is AzureKeyVault, then either the URI or the keyVaultName/keyName combination is required. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`serverKeyType`](#parameter-serverkeytype) | string | The encryption protector type like "ServiceManaged", "AzureKeyVault". | +| [`uri`](#parameter-uri) | string | The URI of the key. If the ServerKeyType is AzureKeyVault, then either the URI or the keyVaultName/keyName combination is required. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `managedInstanceName` + +The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the key. Must follow the [__] pattern. +- Required: Yes +- Type: string + +### Parameter: `serverKeyType` + +The encryption protector type like "ServiceManaged", "AzureKeyVault". +- Required: No +- Type: string +- Default: `'ServiceManaged'` +- Allowed: `[AzureKeyVault, ServiceManaged]` + +### Parameter: `uri` + +The URI of the key. If the ServerKeyType is AzureKeyVault, then either the URI or the keyVaultName/keyName combination is required. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed managed instance key. | | `resourceGroupName` | string | The resource group of the deployed managed instance key. | diff --git a/modules/sql/managed-instance/key/main.json b/modules/sql/managed-instance/key/main.json index 2a36cecd48..7d289bb17b 100644 --- a/modules/sql/managed-instance/key/main.json +++ b/modules/sql/managed-instance/key/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12303930012308222652" + "version": "0.22.6.54827", + "templateHash": "18326031332279100252" }, "name": "SQL Managed Instance Keys", "description": "This module deploys a SQL Managed Instance Key.", diff --git a/modules/sql/managed-instance/main.json b/modules/sql/managed-instance/main.json index b4e266703d..b67031103b 100644 --- a/modules/sql/managed-instance/main.json +++ b/modules/sql/managed-instance/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15067027960339653100" + "version": "0.22.6.54827", + "templateHash": "18227197832977916011" }, "name": "SQL Managed Instances", "description": "This module deploys a SQL Managed Instance.", @@ -507,8 +507,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "10149117624574107754" + "version": "0.22.6.54827", + "templateHash": "4115807259026871068" } }, "parameters": { @@ -677,8 +677,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7819487658736647657" + "version": "0.22.6.54827", + "templateHash": "17690558463959058243" }, "name": "SQL Managed Instance Databases", "description": "This module deploys a SQL Managed Instance Database.", @@ -984,8 +984,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6931213919610871740" + "version": "0.22.6.54827", + "templateHash": "14876398050931373256" }, "name": "SQL Managed Instance Database Backup Short-Term Retention Policies", "description": "This module deploys a SQL Managed Instance Database Backup Short-Term Retention Policy.", @@ -1112,8 +1112,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18038719600656297152" + "version": "0.22.6.54827", + "templateHash": "15408301285980793830" }, "name": "SQL Managed Instance Database Backup Long-Term Retention Policies", "description": "This module deploys a SQL Managed Instance Database Backup Long-Term Retention Policy.", @@ -1296,8 +1296,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15021129035939475675" + "version": "0.22.6.54827", + "templateHash": "744224666214582478" }, "name": "SQL Managed Instance Security Alert Policies", "description": "This module deploys a SQL Managed Instance Security Alert Policy.", 
@@ -1431,8 +1431,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16824260265514306931" + "version": "0.22.6.54827", + "templateHash": "18315887045308503469" }, "name": "SQL Managed Instance Vulnerability Assessments", "description": "This module deploys a SQL Managed Instance Vulnerability Assessment.", @@ -1557,8 +1557,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5906561113326922902" + "version": "0.22.6.54827", + "templateHash": "9210546972730714858" } }, "parameters": { @@ -1648,8 +1648,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12303930012308222652" + "version": "0.22.6.54827", + "templateHash": "18326031332279100252" }, "name": "SQL Managed Instance Keys", "description": "This module deploys a SQL Managed Instance Key.", @@ -1781,8 +1781,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3596420230929102349" + "version": "0.22.6.54827", + "templateHash": "8970010319946939362" }, "name": "SQL Managed Instance Encryption Protector", "description": "This module deploys a SQL Managed Instance Encryption Protector.", @@ -1914,8 +1914,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "94742246961044490" + "version": "0.22.6.54827", + "templateHash": "15854210755739319953" }, "name": "SQL Managed Instances Administrator", "description": "This module deploys a SQL Managed Instance Administrator.", diff --git a/modules/sql/managed-instance/security-alert-policy/README.md b/modules/sql/managed-instance/security-alert-policy/README.md index 3986440c01..7b14687f6d 100644 --- a/modules/sql/managed-instance/security-alert-policy/README.md +++ b/modules/sql/managed-instance/security-alert-policy/README.md 
@@ -19,28 +19,62 @@ This module deploys a SQL Managed Instance Security Alert Policy. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the security alert policy. | +| [`name`](#parameter-name) | string | The name of the security alert policy. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `managedInstanceName` | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | +| [`managedInstanceName`](#parameter-managedinstancename) | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `emailAccountAdmins` | bool | `False` | | Specifies that the schedule scan notification will be is sent to the subscription administrators. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `state` | string | `'Disabled'` | `[Disabled, Enabled]` | Enables advanced data security features, like recuring vulnerability assesment scans and ATP. If enabled, storage account must be provided. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`emailAccountAdmins`](#parameter-emailaccountadmins) | bool | Specifies that the schedule scan notification will be is sent to the subscription administrators. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`state`](#parameter-state) | string | Enables advanced data security features, like recuring vulnerability assesment scans and ATP. If enabled, storage account must be provided. 
| + +### Parameter: `emailAccountAdmins` + +Specifies that the schedule scan notification will be is sent to the subscription administrators. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `managedInstanceName` + +The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the security alert policy. +- Required: Yes +- Type: string + +### Parameter: `state` + +Enables advanced data security features, like recuring vulnerability assesment scans and ATP. If enabled, storage account must be provided. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed security alert policy. | | `resourceGroupName` | string | The resource group of the deployed security alert policy. | diff --git a/modules/sql/managed-instance/security-alert-policy/main.json b/modules/sql/managed-instance/security-alert-policy/main.json index 04709674d0..9aa85a482c 100644 --- a/modules/sql/managed-instance/security-alert-policy/main.json +++ b/modules/sql/managed-instance/security-alert-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15021129035939475675" + "version": "0.22.6.54827", + "templateHash": "744224666214582478" }, "name": "SQL Managed Instance Security Alert Policies", "description": "This module deploys a SQL Managed Instance Security Alert Policy.", diff --git a/modules/sql/managed-instance/vulnerability-assessment/README.md b/modules/sql/managed-instance/vulnerability-assessment/README.md index 84442a1c08..52747a9955 100644 
--- a/modules/sql/managed-instance/vulnerability-assessment/README.md +++ b/modules/sql/managed-instance/vulnerability-assessment/README.md 
@@ -20,32 +20,92 @@ This module deploys a SQL Managed Instance Vulnerability Assessment. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the vulnerability assessment. | -| `storageAccountResourceId` | string | A blob storage to hold the scan results. | +| [`name`](#parameter-name) | string | The name of the vulnerability assessment. | +| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | A blob storage to hold the scan results. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `managedInstanceName` | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | +| [`managedInstanceName`](#parameter-managedinstancename) | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `createStorageRoleAssignment` | bool | `True` | Create the Storage Blob Data Contributor role assignment on the storage account. Note, the role assignment must not already exist on the storage account. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `recurringScansEmails` | array | `[]` | Specifies an array of email addresses to which the scan notification is sent. | -| `recurringScansEmailSubscriptionAdmins` | bool | `False` | Specifies that the schedule scan notification will be is sent to the subscription administrators. | -| `recurringScansIsEnabled` | bool | `False` | Recurring scans state. | -| `useStorageAccountAccessKey` | bool | `False` | Use Access Key to access the storage account. The storage account cannot be behind a firewall or virtual network. 
If an access key is not used, the SQL MI system assigned managed identity must be assigned the Storage Blob Data Contributor role on the storage account. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`createStorageRoleAssignment`](#parameter-createstorageroleassignment) | bool | Create the Storage Blob Data Contributor role assignment on the storage account. Note, the role assignment must not already exist on the storage account. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`recurringScansEmails`](#parameter-recurringscansemails) | array | Specifies an array of email addresses to which the scan notification is sent. | +| [`recurringScansEmailSubscriptionAdmins`](#parameter-recurringscansemailsubscriptionadmins) | bool | Specifies that the schedule scan notification will be is sent to the subscription administrators. | +| [`recurringScansIsEnabled`](#parameter-recurringscansisenabled) | bool | Recurring scans state. | +| [`useStorageAccountAccessKey`](#parameter-usestorageaccountaccesskey) | bool | Use Access Key to access the storage account. The storage account cannot be behind a firewall or virtual network. If an access key is not used, the SQL MI system assigned managed identity must be assigned the Storage Blob Data Contributor role on the storage account. | + +### Parameter: `createStorageRoleAssignment` + +Create the Storage Blob Data Contributor role assignment on the storage account. Note, the role assignment must not already exist on the storage account. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `managedInstanceName` + +The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the vulnerability assessment. +- Required: Yes +- Type: string + +### Parameter: `recurringScansEmails` + +Specifies an array of email addresses to which the scan notification is sent. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `recurringScansEmailSubscriptionAdmins` + +Specifies that the schedule scan notification will be is sent to the subscription administrators. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `recurringScansIsEnabled` + +Recurring scans state. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `storageAccountResourceId` + +A blob storage to hold the scan results. +- Required: Yes +- Type: string + +### Parameter: `useStorageAccountAccessKey` + +Use Access Key to access the storage account. The storage account cannot be behind a firewall or virtual network. If an access key is not used, the SQL MI system assigned managed identity must be assigned the Storage Blob Data Contributor role on the storage account. +- Required: No +- Type: bool +- Default: `False` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed vulnerability assessment. | | `resourceGroupName` | string | The resource group of the deployed vulnerability assessment. | diff --git a/modules/sql/managed-instance/vulnerability-assessment/main.json b/modules/sql/managed-instance/vulnerability-assessment/main.json index dd8317e70d..985b3b0dca 100644 --- a/modules/sql/managed-instance/vulnerability-assessment/main.json +++ b/modules/sql/managed-instance/vulnerability-assessment/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16824260265514306931" + "version": "0.22.6.54827", + "templateHash": "18315887045308503469" }, "name": "SQL Managed Instance Vulnerability Assessments", "description": "This module deploys a SQL Managed Instance Vulnerability Assessment.", @@ -130,8 +130,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5906561113326922902" + "version": "0.22.6.54827", + "templateHash": "9210546972730714858" } }, "parameters": { diff --git a/modules/sql/server/.test/common/main.test.bicep b/modules/sql/server/.test/common/main.test.bicep index e9ccba36a6..6c3153cc5e 100644 --- a/modules/sql/server/.test/common/main.test.bicep +++ b/modules/sql/server/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/sql/server/README.md b/modules/sql/server/README.md index e93c03a27a..c19646e425 100644 --- a/modules/sql/server/README.md +++ b/modules/sql/server/README.md @@ -5,10 +5,10 @@ This module deploys an Azure SQL Server. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
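Review bot: The regenerated `### Parameter:` sections in the security-alert-policy and vulnerability-assessment READMEs carry over description typos verbatim: "will be is sent" (`emailAccountAdmins`, `recurringScansEmailSubscriptionAdmins`) and "recuring vulnerability assesment scans" (`state`). Each typo now appears twice per README, once in the table row and once in the detail section. Because the README is generated, correct the parameter descriptions in the module templates and regenerate rather than editing the README by hand.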
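Review bot: In the visible part of this patch only modules/sql/server/.test/common/main.test.bicep gains `metadata name` and `metadata description`, and the regenerated server README accordingly lists the remaining examples as "Admin", "Pe" and "Secondary" with no description line. Consider adding the same two metadata lines to the other test files so that every usage example has a readable title and a one-line statement of what it deploys.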
@@ -32,81 +32,27 @@ This module deploys an Azure SQL Server. | `Microsoft.Sql/servers/virtualNetworkRules` | [2022-02-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/servers/virtualNetworkRules) | | `Microsoft.Sql/servers/vulnerabilityAssessments` | [2022-02-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/servers/vulnerabilityAssessments) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the server. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `administratorLogin` | string | `''` | The administrator username for the server. Required if no `administrators` object for AAD authentication is provided. | -| `administratorLoginPassword` | securestring | `''` | The administrator login password. Required if no `administrators` object for AAD authentication is provided. | -| `administrators` | object | `{object}` | The Azure Active Directory (AAD) administrator authentication. Required if no `administratorLogin` & `administratorLoginPassword` is provided. | -| `primaryUserAssignedIdentityId` | string | `''` | The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `databases` | array | `[]` | | The databases to create in the server. | -| `elasticPools` | array | `[]` | | The Elastic Pools to create in the server. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `encryptionProtectorObj` | _[encryptionProtector](encryption-protector/README.md)_ object | `{object}` | | The encryption protection configuration. 
| -| `firewallRules` | array | `[]` | | The firewall rules to create in the server. | -| `keys` | array | `[]` | | The keys to configure. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `minimalTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Minimal TLS version allowed. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and neither firewall rules nor virtual network rules are set. | -| `restrictOutboundNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not to restrict outbound network access for this server. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `securityAlertPolicies` | array | `[]` | | The security alert policies to create in the server. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `virtualNetworkRules` | array | `[]` | | The virtual network rules to create in the server. 
| -| `vulnerabilityAssessmentsObj` | object | `{object}` | | The vulnerability assessment configuration. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed SQL server. | -| `resourceGroupName` | string | The resource group of the deployed SQL server. | -| `resourceId` | string | The resource ID of the deployed SQL server. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Deployment examples +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/sql.server:1.0.0`. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +- [Admin](#example-1-admin) +- [Using large parameter set](#example-2-using-large-parameter-set) +- [Pe](#example-3-pe) +- [Secondary](#example-4-secondary) -

Example 1: Admin

+### Example 1: _Admin_
via Bicep module ```bicep -module server './sql/server/main.bicep' = { +module server 'br:bicep/modules/sql.server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sqlsadmin' params: { // Required parameters @@ -160,14 +106,17 @@ module server './sql/server/main.bicep' = {

-

Example 2: Common

+### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +
via Bicep module ```bicep -module server './sql/server/main.bicep' = { +module server 'br:bicep/modules/sql.server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sqlscom' params: { // Required parameters @@ -465,14 +414,14 @@ module server './sql/server/main.bicep' = {

-

Example 3: Pe

+### Example 3: _Pe_
via Bicep module ```bicep -module server './sql/server/main.bicep' = { +module server 'br:bicep/modules/sql.server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sqlspe' params: { // Required parameters @@ -564,14 +513,14 @@ module server './sql/server/main.bicep' = {

-

Example 4: Secondary

+### Example 4: _Secondary_
via Bicep module ```bicep -module server './sql/server/main.bicep' = { +module server 'br:bicep/modules/sql.server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-sqlsec' params: { // Required parameters @@ -652,6 +601,237 @@ module server './sql/server/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the server. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`administratorLogin`](#parameter-administratorlogin) | string | The administrator username for the server. Required if no `administrators` object for AAD authentication is provided. | +| [`administratorLoginPassword`](#parameter-administratorloginpassword) | securestring | The administrator login password. Required if no `administrators` object for AAD authentication is provided. | +| [`administrators`](#parameter-administrators) | object | The Azure Active Directory (AAD) administrator authentication. Required if no `administratorLogin` & `administratorLoginPassword` is provided. | +| [`primaryUserAssignedIdentityId`](#parameter-primaryuserassignedidentityid) | string | The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`databases`](#parameter-databases) | array | The databases to create in the server. | +| [`elasticPools`](#parameter-elasticpools) | array | The Elastic Pools to create in the server. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`encryptionProtectorObj`](#parameter-encryptionprotectorobj) | object | The encryption protection configuration. | +| [`firewallRules`](#parameter-firewallrules) | array | The firewall rules to create in the server. | +| [`keys`](#parameter-keys) | array | The keys to configure. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`minimalTlsVersion`](#parameter-minimaltlsversion) | string | Minimal TLS version allowed. 
| +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and neither firewall rules nor virtual network rules are set. | +| [`restrictOutboundNetworkAccess`](#parameter-restrictoutboundnetworkaccess) | string | Whether or not to restrict outbound network access for this server. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`securityAlertPolicies`](#parameter-securityalertpolicies) | array | The security alert policies to create in the server. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`virtualNetworkRules`](#parameter-virtualnetworkrules) | array | The virtual network rules to create in the server. | +| [`vulnerabilityAssessmentsObj`](#parameter-vulnerabilityassessmentsobj) | object | The vulnerability assessment configuration. | + +### Parameter: `administratorLogin` + +The administrator username for the server. Required if no `administrators` object for AAD authentication is provided. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `administratorLoginPassword` + +The administrator login password. Required if no `administrators` object for AAD authentication is provided. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `administrators` + +The Azure Active Directory (AAD) administrator authentication. Required if no `administratorLogin` & `administratorLoginPassword` is provided. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `databases` + +The databases to create in the server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `elasticPools` + +The Elastic Pools to create in the server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `encryptionProtectorObj` + +The encryption protection configuration. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `firewallRules` + +The firewall rules to create in the server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `keys` + +The keys to configure. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `minimalTlsVersion` + +Minimal TLS version allowed. +- Required: No +- Type: string +- Default: `'1.2'` +- Allowed: `[1.0, 1.1, 1.2]` + +### Parameter: `name` + +The name of the server. +- Required: Yes +- Type: string + +### Parameter: `primaryUserAssignedIdentityId` + +The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and neither firewall rules nor virtual network rules are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `restrictOutboundNetworkAccess` + +Whether or not to restrict outbound network access for this server. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `securityAlertPolicies` + +The security alert policies to create in the server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualNetworkRules` + +The virtual network rules to create in the server. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `vulnerabilityAssessmentsObj` + +The vulnerability assessment configuration. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed SQL server. | +| `resourceGroupName` | string | The resource group of the deployed SQL server. | +| `resourceId` | string | The resource ID of the deployed SQL server. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + ## Notes ### Parameter Usage: `administrators` diff --git a/modules/sql/server/database/README.md b/modules/sql/server/database/README.md index 772edc8f0e..e6ac170a59 100644 --- a/modules/sql/server/database/README.md +++ b/modules/sql/server/database/README.md @@ -4,12 +4,12 @@ This module deploys an Azure SQL Server Database. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
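Review bot: The `### Parameter:` sections added to modules/sql/server/README.md (hunk `@@ -652,6 +601,237 @@`) mark the conditional parameters `administratorLogin`, `administratorLoginPassword`, `administrators` and `primaryUserAssignedIdentityId` as "Required: No", while the managed-instance READMEs in this same patch mark the conditional `managedInstanceName` as "Required: Yes". A reader who follows the table link to the detail section loses the conditional grouping, so an authentication parameter can read as simply optional. Suggest having the generator emit a distinct value for conditional parameters (for example "Required: Conditional"), or at least apply one rule consistently across modules.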
@@ -22,60 +22,322 @@ This module deploys an Azure SQL Server Database. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the database. | +| [`name`](#parameter-name) | string | The name of the database. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `serverName` | string | The name of the parent SQL Server. Required if the template is used in a standalone deployment. | +| [`serverName`](#parameter-servername) | string | The name of the parent SQL Server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `autoPauseDelay` | int | `0` | | Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. | -| `backupLongTermRetentionPolicy` | _[backupLongTermRetentionPolicy](backup-long-term-retention-policy/README.md)_ object | `{object}` | | The long term backup retention policy to create for the database. | -| `backupShortTermRetentionPolicy` | _[backupShortTermRetentionPolicy](backup-short-term-retention-policy/README.md)_ object | `{object}` | | The short term backup retention policy to create for the database. | -| `collation` | string | `'SQL_Latin1_General_CP1_CI_AS'` | | The collation of the database. | -| `createMode` | string | `'Default'` | `[Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreLongTermRetentionBackup, Secondary]` | Specifies the mode of database creation. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, AutomaticTuning, Blocks, DatabaseWaitStatistics, Deadlocks, DevOpsOperationsAudit, Errors, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, SQLInsights, SQLSecurityAuditEvents, Timeouts]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[Basic, InstanceAndAppAdvanced, WorkloadManagement]` | `[Basic, InstanceAndAppAdvanced, WorkloadManagement]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `elasticPoolId` | string | `''` | | The resource ID of the elastic pool containing this database. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `highAvailabilityReplicaCount` | int | `0` | | The number of readonly secondary replicas associated with the database. | -| `isLedgerOn` | bool | `False` | | Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created. | -| `licenseType` | string | `''` | | The license type to apply for this database. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. 
| -| `maintenanceConfigurationId` | string | `''` | | Maintenance configuration ID assigned to the database. This configuration defines the period when the maintenance updates will occur. | -| `maxSizeBytes` | int | `34359738368` | | The max size of the database expressed in bytes. | -| `minCapacity` | string | `''` | | Minimal capacity that database will always have allocated. | -| `readScale` | string | `'Disabled'` | `[Disabled, Enabled]` | The state of read-only routing. | -| `recoveryServicesRecoveryPointResourceId` | string | `''` | | Resource ID of backup if createMode set to RestoreLongTermRetentionBackup. | -| `requestedBackupStorageRedundancy` | string | `''` | `['', Geo, Local, Zone]` | The storage account type to be used to store backups for this database. | -| `restorePointInTime` | string | `''` | | Point in time (ISO8601 format) of the source database to restore when createMode set to Restore or PointInTimeRestore. | -| `sampleName` | string | `''` | | The name of the sample schema to apply when creating this database. | -| `skuCapacity` | int | `-1` | | Capacity of the particular SKU. | -| `skuFamily` | string | `''` | | If the service has different generations of hardware, for the same SKU, then that can be captured here. | -| `skuName` | string | `'GP_Gen5_2'` | | The name of the SKU. | -| `skuSize` | string | `''` | | Size of the particular SKU. | -| `skuTier` | string | `'GeneralPurpose'` | | The skuTier or edition of the particular SKU. | -| `sourceDatabaseDeletionDate` | string | `''` | | The time that the database was deleted when restoring a deleted database. | -| `sourceDatabaseResourceId` | string | `''` | | Resource ID of database if createMode set to Copy, Secondary, PointInTimeRestore, Recovery or Restore. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `zoneRedundant` | bool | `False` | | Whether or not this database is zone redundant. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoPauseDelay`](#parameter-autopausedelay) | int | Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. | +| [`backupLongTermRetentionPolicy`](#parameter-backuplongtermretentionpolicy) | object | The long term backup retention policy to create for the database. | +| [`backupShortTermRetentionPolicy`](#parameter-backupshorttermretentionpolicy) | object | The short term backup retention policy to create for the database. | +| [`collation`](#parameter-collation) | string | The collation of the database. | +| [`createMode`](#parameter-createmode) | string | Specifies the mode of database creation. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. 
| +| [`elasticPoolId`](#parameter-elasticpoolid) | string | The resource ID of the elastic pool containing this database. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`highAvailabilityReplicaCount`](#parameter-highavailabilityreplicacount) | int | The number of readonly secondary replicas associated with the database. | +| [`isLedgerOn`](#parameter-isledgeron) | bool | Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created. | +| [`licenseType`](#parameter-licensetype) | string | The license type to apply for this database. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`maintenanceConfigurationId`](#parameter-maintenanceconfigurationid) | string | Maintenance configuration ID assigned to the database. This configuration defines the period when the maintenance updates will occur. | +| [`maxSizeBytes`](#parameter-maxsizebytes) | int | The max size of the database expressed in bytes. | +| [`minCapacity`](#parameter-mincapacity) | string | Minimal capacity that database will always have allocated. | +| [`readScale`](#parameter-readscale) | string | The state of read-only routing. | +| [`recoveryServicesRecoveryPointResourceId`](#parameter-recoveryservicesrecoverypointresourceid) | string | Resource ID of backup if createMode set to RestoreLongTermRetentionBackup. | +| [`requestedBackupStorageRedundancy`](#parameter-requestedbackupstorageredundancy) | string | The storage account type to be used to store backups for this database. | +| [`restorePointInTime`](#parameter-restorepointintime) | string | Point in time (ISO8601 format) of the source database to restore when createMode set to Restore or PointInTimeRestore. 
| +| [`sampleName`](#parameter-samplename) | string | The name of the sample schema to apply when creating this database. | +| [`skuCapacity`](#parameter-skucapacity) | int | Capacity of the particular SKU. | +| [`skuFamily`](#parameter-skufamily) | string | If the service has different generations of hardware, for the same SKU, then that can be captured here. | +| [`skuName`](#parameter-skuname) | string | The name of the SKU. | +| [`skuSize`](#parameter-skusize) | string | Size of the particular SKU. | +| [`skuTier`](#parameter-skutier) | string | The skuTier or edition of the particular SKU. | +| [`sourceDatabaseDeletionDate`](#parameter-sourcedatabasedeletiondate) | string | The time that the database was deleted when restoring a deleted database. | +| [`sourceDatabaseResourceId`](#parameter-sourcedatabaseresourceid) | string | Resource ID of database if createMode set to Copy, Secondary, PointInTimeRestore, Recovery or Restore. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | Whether or not this database is zone redundant. | + +### Parameter: `autoPauseDelay` + +Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `backupLongTermRetentionPolicy` + +The long term backup retention policy to create for the database. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `backupShortTermRetentionPolicy` + +The short term backup retention policy to create for the database. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `collation` + +The collation of the database. +- Required: No +- Type: string +- Default: `'SQL_Latin1_General_CP1_CI_AS'` + +### Parameter: `createMode` + +Specifies the mode of database creation. 
+- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreLongTermRetentionBackup, Secondary]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, AutomaticTuning, Blocks, DatabaseWaitStatistics, Deadlocks, DevOpsOperationsAudit, Errors, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, SQLInsights, SQLSecurityAuditEvents, Timeouts]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[Basic, InstanceAndAppAdvanced, WorkloadManagement]` +- Allowed: `[Basic, InstanceAndAppAdvanced, WorkloadManagement]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `elasticPoolId` + +The resource ID of the elastic pool containing this database. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `highAvailabilityReplicaCount` + +The number of readonly secondary replicas associated with the database. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `isLedgerOn` + +Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `licenseType` + +The license type to apply for this database. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `maintenanceConfigurationId` + +Maintenance configuration ID assigned to the database. This configuration defines the period when the maintenance updates will occur. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `maxSizeBytes` + +The max size of the database expressed in bytes. +- Required: No +- Type: int +- Default: `34359738368` + +### Parameter: `minCapacity` + +Minimal capacity that database will always have allocated. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the database. +- Required: Yes +- Type: string + +### Parameter: `readScale` + +The state of read-only routing. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `recoveryServicesRecoveryPointResourceId` + +Resource ID of backup if createMode set to RestoreLongTermRetentionBackup. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `requestedBackupStorageRedundancy` + +The storage account type to be used to store backups for this database. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Geo, Local, Zone]` + +### Parameter: `restorePointInTime` + +Point in time (ISO8601 format) of the source database to restore when createMode set to Restore or PointInTimeRestore. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sampleName` + +The name of the sample schema to apply when creating this database. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serverName` + +The name of the parent SQL Server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `skuCapacity` + +Capacity of the particular SKU. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `skuFamily` + +If the service has different generations of hardware, for the same SKU, then that can be captured here. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `skuName` + +The name of the SKU. +- Required: No +- Type: string +- Default: `'GP_Gen5_2'` + +### Parameter: `skuSize` + +Size of the particular SKU. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `skuTier` + +The skuTier or edition of the particular SKU. +- Required: No +- Type: string +- Default: `'GeneralPurpose'` + +### Parameter: `sourceDatabaseDeletionDate` + +The time that the database was deleted when restoring a deleted database. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourceDatabaseResourceId` + +Resource ID of database if createMode set to Copy, Secondary, PointInTimeRestore, Recovery or Restore. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundant` + +Whether or not this database is zone redundant. 
+- Required: No +- Type: bool +- Default: `False` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed database. | diff --git a/modules/sql/server/database/backup-long-term-retention-policy/README.md b/modules/sql/server/database/backup-long-term-retention-policy/README.md index d72538713b..3a8d87595a 100644 --- a/modules/sql/server/database/backup-long-term-retention-policy/README.md +++ b/modules/sql/server/database/backup-long-term-retention-policy/README.md 
@@ -19,25 +19,72 @@ This module deploys an Azure SQL Server Database Long-Term Backup Retention Poli **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseName` | string | The name of the parent database. | -| `serverName` | string | The name of the parent SQL Server. | +| [`databaseName`](#parameter-databasename) | string | The name of the parent database. | +| [`serverName`](#parameter-servername) | string | The name of the parent SQL Server. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `monthlyRetention` | string | `''` | Weekly retention in ISO 8601 duration format. | -| `weeklyRetention` | string | `''` | Monthly retention in ISO 8601 duration format. | -| `weekOfYear` | int | `1` | Week of year backup to keep for yearly retention. | -| `yearlyRetention` | string | `''` | Yearly retention in ISO 8601 duration format. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`monthlyRetention`](#parameter-monthlyretention) | string | Weekly retention in ISO 8601 duration format. | +| [`weeklyRetention`](#parameter-weeklyretention) | string | Monthly retention in ISO 8601 duration format. | +| [`weekOfYear`](#parameter-weekofyear) | int | Week of year backup to keep for yearly retention. | +| [`yearlyRetention`](#parameter-yearlyretention) | string | Yearly retention in ISO 8601 duration format. | + +### Parameter: `databaseName` + +The name of the parent database. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `monthlyRetention` + +Weekly retention in ISO 8601 duration format. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serverName` + +The name of the parent SQL Server. +- Required: Yes +- Type: string + +### Parameter: `weeklyRetention` + +Monthly retention in ISO 8601 duration format. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `weekOfYear` + +Week of year backup to keep for yearly retention. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `yearlyRetention` + +Yearly retention in ISO 8601 duration format. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the long-term policy. | | `resourceGroupName` | string | The resource group the long-term policy was deployed into. | diff --git a/modules/sql/server/database/backup-long-term-retention-policy/main.json b/modules/sql/server/database/backup-long-term-retention-policy/main.json index 0519d9c583..6d00874970 100644 --- a/modules/sql/server/database/backup-long-term-retention-policy/main.json +++ b/modules/sql/server/database/backup-long-term-retention-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9219416659486760074" + "version": "0.22.6.54827", + "templateHash": "8422402072460240545" }, "name": "SQL Server Database Long Term Backup Retention Policies", "description": "This module deploys an Azure SQL Server Database Long-Term Backup Retention Policy.", diff --git a/modules/sql/server/database/backup-short-term-retention-policy/README.md b/modules/sql/server/database/backup-short-term-retention-policy/README.md index d5d7afccf7..d6df1d73e8 100644 --- a/modules/sql/server/database/backup-short-term-retention-policy/README.md 
+++ b/modules/sql/server/database/backup-short-term-retention-policy/README.md 
@@ -19,23 +19,56 @@ This module deploys an Azure SQL Server Database Short-Term Backup Retention Pol **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseName` | string | The name of the parent database. | -| `serverName` | string | The name of the parent SQL Server. | +| [`databaseName`](#parameter-databasename) | string | The name of the parent database. | +| [`serverName`](#parameter-servername) | string | The name of the parent SQL Server. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `diffBackupIntervalInHours` | int | `24` | Differential backup interval in hours. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `retentionDays` | int | `7` | Poin-in-time retention in days. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diffBackupIntervalInHours`](#parameter-diffbackupintervalinhours) | int | Differential backup interval in hours. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`retentionDays`](#parameter-retentiondays) | int | Poin-in-time retention in days. | + +### Parameter: `databaseName` + +The name of the parent database. +- Required: Yes +- Type: string + +### Parameter: `diffBackupIntervalInHours` + +Differential backup interval in hours. +- Required: No +- Type: int +- Default: `24` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `retentionDays` + +Poin-in-time retention in days. +- Required: No +- Type: int +- Default: `7` + +### Parameter: `serverName` + +The name of the parent SQL Server. 
+- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the short-term policy. | | `resourceGroupName` | string | The resource group the short-term policy was deployed into. | diff --git a/modules/sql/server/database/backup-short-term-retention-policy/main.json b/modules/sql/server/database/backup-short-term-retention-policy/main.json index 50bb545bd8..64a75a29be 100644 --- a/modules/sql/server/database/backup-short-term-retention-policy/main.json +++ b/modules/sql/server/database/backup-short-term-retention-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2184125360304496486" + "version": "0.22.6.54827", + "templateHash": "11274542290979624142" }, "name": "Azure SQL Server Database Short Term Backup Retention Policies", "description": "This module deploys an Azure SQL Server Database Short-Term Backup Retention Policy.", diff --git a/modules/sql/server/database/main.json b/modules/sql/server/database/main.json index d1f5ef5b28..13c0eb69b1 100644 --- a/modules/sql/server/database/main.json +++ b/modules/sql/server/database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "641387093656497816" + "version": "0.22.6.54827", + "templateHash": "7000207485744795208" }, "name": "SQL Server Database", "description": "This module deploys an Azure SQL Server Database.", @@ -425,8 +425,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2184125360304496486" + "version": "0.22.6.54827", + "templateHash": "11274542290979624142" }, "name": "Azure SQL Server Database Short Term Backup Retention Policies", "description": "This module deploys an Azure SQL Server Database Short-Term Backup Retention Policy.", 
@@ -548,8 +548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9219416659486760074" + "version": "0.22.6.54827", + "templateHash": "8422402072460240545" }, "name": "SQL Server Database Long Term Backup Retention Policies", "description": "This module deploys an Azure SQL Server Database Long-Term Backup Retention Policy.", diff --git a/modules/sql/server/elastic-pool/README.md b/modules/sql/server/elastic-pool/README.md index 97d38ea3bc..a9b07265b1 100644 --- a/modules/sql/server/elastic-pool/README.md +++ b/modules/sql/server/elastic-pool/README.md 
@@ -19,39 +19,150 @@ This module deploys an Azure SQL Server Elastic Pool. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the Elastic Pool. | +| [`name`](#parameter-name) | string | The name of the Elastic Pool. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `serverName` | string | The name of the parent SQL Server. Required if the template is used in a standalone deployment. | +| [`serverName`](#parameter-servername) | string | The name of the parent SQL Server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `databaseMaxCapacity` | int | `2` | | The maximum capacity any one database can consume. | -| `databaseMinCapacity` | int | `0` | | The minimum capacity all databases are guaranteed. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `highAvailabilityReplicaCount` | int | `-1` | | The number of secondary replicas associated with the elastic pool that are used to provide high availability. Applicable only to Hyperscale elastic pools. | -| `licenseType` | string | `'LicenseIncluded'` | `[BasePrice, LicenseIncluded]` | The license type to apply for this elastic pool. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `maintenanceConfigurationId` | string | `''` | | Maintenance configuration resource ID assigned to the elastic pool. This configuration defines the period when the maintenance updates will will occur. | -| `maxSizeBytes` | int | `34359738368` | | The storage limit for the database elastic pool in bytes. | -| `minCapacity` | int | `-1` | | Minimal capacity that serverless pool will not shrink below, if not paused. 
| -| `skuCapacity` | int | `2` | | Capacity of the particular SKU. | -| `skuName` | string | `'GP_Gen5'` | | The name of the SKU, typically, a letter + Number code, e.g. P3. | -| `skuTier` | string | `'GeneralPurpose'` | | The tier or edition of the particular SKU, e.g. Basic, Premium. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `zoneRedundant` | bool | `False` | | Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`databaseMaxCapacity`](#parameter-databasemaxcapacity) | int | The maximum capacity any one database can consume. | +| [`databaseMinCapacity`](#parameter-databasemincapacity) | int | The minimum capacity all databases are guaranteed. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`highAvailabilityReplicaCount`](#parameter-highavailabilityreplicacount) | int | The number of secondary replicas associated with the elastic pool that are used to provide high availability. Applicable only to Hyperscale elastic pools. | +| [`licenseType`](#parameter-licensetype) | string | The license type to apply for this elastic pool. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`maintenanceConfigurationId`](#parameter-maintenanceconfigurationid) | string | Maintenance configuration resource ID assigned to the elastic pool. This configuration defines the period when the maintenance updates will will occur. | +| [`maxSizeBytes`](#parameter-maxsizebytes) | int | The storage limit for the database elastic pool in bytes. | +| [`minCapacity`](#parameter-mincapacity) | int | Minimal capacity that serverless pool will not shrink below, if not paused. | +| [`skuCapacity`](#parameter-skucapacity) | int | Capacity of the particular SKU. 
| +| [`skuName`](#parameter-skuname) | string | The name of the SKU, typically, a letter + Number code, e.g. P3. | +| [`skuTier`](#parameter-skutier) | string | The tier or edition of the particular SKU, e.g. Basic, Premium. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones. | + +### Parameter: `databaseMaxCapacity` + +The maximum capacity any one database can consume. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `databaseMinCapacity` + +The minimum capacity all databases are guaranteed. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `highAvailabilityReplicaCount` + +The number of secondary replicas associated with the elastic pool that are used to provide high availability. Applicable only to Hyperscale elastic pools. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `licenseType` + +The license type to apply for this elastic pool. +- Required: No +- Type: string +- Default: `'LicenseIncluded'` +- Allowed: `[BasePrice, LicenseIncluded]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `maintenanceConfigurationId` + +Maintenance configuration resource ID assigned to the elastic pool. This configuration defines the period when the maintenance updates will will occur. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `maxSizeBytes` + +The storage limit for the database elastic pool in bytes. 
+- Required: No +- Type: int +- Default: `34359738368` + +### Parameter: `minCapacity` + +Minimal capacity that serverless pool will not shrink below, if not paused. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `name` + +The name of the Elastic Pool. +- Required: Yes +- Type: string + +### Parameter: `serverName` + +The name of the parent SQL Server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `skuCapacity` + +Capacity of the particular SKU. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `skuName` + +The name of the SKU, typically, a letter + Number code, e.g. P3. +- Required: No +- Type: string +- Default: `'GP_Gen5'` + +### Parameter: `skuTier` + +The tier or edition of the particular SKU, e.g. Basic, Premium. +- Required: No +- Type: string +- Default: `'GeneralPurpose'` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundant` + +Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones. +- Required: No +- Type: bool +- Default: `False` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed Elastic Pool. | diff --git a/modules/sql/server/elastic-pool/main.json b/modules/sql/server/elastic-pool/main.json index 4eca83e47a..4f107f39b6 100644 --- a/modules/sql/server/elastic-pool/main.json +++ b/modules/sql/server/elastic-pool/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7347226856045672059" + "version": "0.22.6.54827", + "templateHash": "1361594412163336206" }, "name": "SQL Server Elastic Pool", "description": "This module deploys an Azure SQL Server Elastic Pool.", diff --git a/modules/sql/server/encryption-protector/README.md b/modules/sql/server/encryption-protector/README.md index bfa990d0d5..435f550d8a 100644 --- a/modules/sql/server/encryption-protector/README.md +++ b/modules/sql/server/encryption-protector/README.md 
@@ -19,28 +19,62 @@ This module deploys an Azure SQL Server Encryption Protector. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `serverKeyName` | string | The name of the server key. | +| [`serverKeyName`](#parameter-serverkeyname) | string | The name of the server key. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `sqlServerName` | string | The name of the sql server. Required if the template is used in a standalone deployment. | +| [`sqlServerName`](#parameter-sqlservername) | string | The name of the sql server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `autoRotationEnabled` | bool | `False` | | Key auto rotation opt-in. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `serverKeyType` | string | `'ServiceManaged'` | `[AzureKeyVault, ServiceManaged]` | The encryption protector type. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoRotationEnabled`](#parameter-autorotationenabled) | bool | Key auto rotation opt-in. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`serverKeyType`](#parameter-serverkeytype) | string | The encryption protector type. | + +### Parameter: `autoRotationEnabled` + +Key auto rotation opt-in. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `serverKeyName` + +The name of the server key. +- Required: Yes +- Type: string + +### Parameter: `serverKeyType` + +The encryption protector type. 
+- Required: No +- Type: string +- Default: `'ServiceManaged'` +- Allowed: `[AzureKeyVault, ServiceManaged]` + +### Parameter: `sqlServerName` + +The name of the sql server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed encryption protector. | | `resourceGroupName` | string | The resource group of the deployed encryption protector. | diff --git a/modules/sql/server/encryption-protector/main.json b/modules/sql/server/encryption-protector/main.json index 17c94ae4d0..097ded1243 100644 --- a/modules/sql/server/encryption-protector/main.json +++ b/modules/sql/server/encryption-protector/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14781745235892971560" + "version": "0.22.6.54827", + "templateHash": "1128739845456097575" }, "name": "Azure SQL Server Encryption Protector", "description": "This module deploys an Azure SQL Server Encryption Protector.", diff --git a/modules/sql/server/firewall-rule/README.md b/modules/sql/server/firewall-rule/README.md index cb028371bc..02a9a24294 100644 --- a/modules/sql/server/firewall-rule/README.md +++ b/modules/sql/server/firewall-rule/README.md 
@@ -19,28 +19,61 @@ This module deploys an Azure SQL Server Firewall Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the Server Firewall Rule. | +| [`name`](#parameter-name) | string | The name of the Server Firewall Rule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `serverName` | string | The name of the parent SQL Server. Required if the template is used in a standalone deployment. | +| [`serverName`](#parameter-servername) | string | The name of the parent SQL Server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `endIpAddress` | string | `'0.0.0.0'` | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. | -| `startIpAddress` | string | `'0.0.0.0'` | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`endIpAddress`](#parameter-endipaddress) | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. | +| [`startIpAddress`](#parameter-startipaddress) | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. 
| + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endIpAddress` + +The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. +- Required: No +- Type: string +- Default: `'0.0.0.0'` + +### Parameter: `name` + +The name of the Server Firewall Rule. +- Required: Yes +- Type: string + +### Parameter: `serverName` + +The name of the parent SQL Server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `startIpAddress` + +The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. +- Required: No +- Type: string +- Default: `'0.0.0.0'` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed firewall rule. | | `resourceGroupName` | string | The resource group of the deployed firewall rule. | diff --git a/modules/sql/server/firewall-rule/main.json b/modules/sql/server/firewall-rule/main.json index 352001c934..4c7a239b94 100644 --- a/modules/sql/server/firewall-rule/main.json +++ b/modules/sql/server/firewall-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3172947896499441492" + "version": "0.22.6.54827", + "templateHash": "17694214441241917212" }, "name": "Azure SQL Server Firewall Rule", "description": "This module deploys an Azure SQL Server Firewall Rule.", diff --git a/modules/sql/server/key/README.md b/modules/sql/server/key/README.md index e39339513d..b5f44125a5 100644 --- a/modules/sql/server/key/README.md +++ b/modules/sql/server/key/README.md 
@@ -19,28 +19,62 @@ This module deploys an Azure SQL Server Key. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the key. Must follow the [__] pattern. | +| [`name`](#parameter-name) | string | The name of the key. Must follow the [__] pattern. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `serverName` | string | The name of the parent SQL server. Required if the template is used in a standalone deployment. | +| [`serverName`](#parameter-servername) | string | The name of the parent SQL server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `serverKeyType` | string | `'ServiceManaged'` | `[AzureKeyVault, ServiceManaged]` | The encryption protector type like "ServiceManaged", "AzureKeyVault". | -| `uri` | string | `''` | | The URI of the key. If the ServerKeyType is AzureKeyVault, then either the URI or the keyVaultName/keyName combination is required. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`serverKeyType`](#parameter-serverkeytype) | string | The encryption protector type like "ServiceManaged", "AzureKeyVault". | +| [`uri`](#parameter-uri) | string | The URI of the key. If the ServerKeyType is AzureKeyVault, then either the URI or the keyVaultName/keyName combination is required. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the key. Must follow the [__] pattern. +- Required: Yes +- Type: string + +### Parameter: `serverKeyType` + +The encryption protector type like "ServiceManaged", "AzureKeyVault". +- Required: No +- Type: string +- Default: `'ServiceManaged'` +- Allowed: `[AzureKeyVault, ServiceManaged]` + +### Parameter: `serverName` + +The name of the parent SQL server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `uri` + +The URI of the key. If the ServerKeyType is AzureKeyVault, then either the URI or the keyVaultName/keyName combination is required. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed server key. | | `resourceGroupName` | string | The resource group of the deployed server key. | diff --git a/modules/sql/server/key/main.json b/modules/sql/server/key/main.json index 6f88f16d58..7e4fc30512 100644 --- a/modules/sql/server/key/main.json +++ b/modules/sql/server/key/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17103037079550179702" + "version": "0.22.6.54827", + "templateHash": "11118825836661698100" }, "name": "Azure SQL Server Keys", "description": "This module deploys an Azure SQL Server Key.", diff --git a/modules/sql/server/main.json b/modules/sql/server/main.json index 6a1d922d2a..37cb2893eb 100644 --- a/modules/sql/server/main.json +++ b/modules/sql/server/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8694419597061926124" + "version": "0.22.6.54827", + "templateHash": "9716612519097639469" }, "name": "Azure SQL Servers", "description": "This module deploys an Azure SQL Server.", 
@@ -286,8 +286,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "484260346793465381" + "version": "0.22.6.54827", + "templateHash": "5938444191464090228" } }, "parameters": { @@ -473,8 +473,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16360680719988023446" + "version": "0.22.6.54827", + "templateHash": "7000207485744795208" }, "name": "SQL Server Database", "description": "This module deploys an Azure SQL Server Database.", @@ -894,8 +894,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4382058876460070717" + "version": "0.22.6.54827", + "templateHash": "11274542290979624142" }, "name": "Azure SQL Server Database Short Term Backup Retention Policies", "description": "This module deploys an Azure SQL Server Database Short-Term Backup Retention Policy.", @@ -1017,8 +1017,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15709058610853670225" + "version": "0.22.6.54827", + "templateHash": "8422402072460240545" }, "name": "SQL Server Database Long Term Backup Retention Policies", "description": "This module deploys an Azure SQL Server Database Long-Term Backup Retention Policy.", @@ -1212,8 +1212,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9604308026054276666" + "version": "0.22.6.54827", + "templateHash": "1361594412163336206" }, "name": "SQL Server Elastic Pool", "description": "This module deploys an Azure SQL Server Elastic Pool.", @@ -1457,8 +1457,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", 
@@ -1657,8 +1657,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1795,8 +1795,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -2007,8 +2007,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7423786467503129522" + "version": "0.22.6.54827", + "templateHash": "17694214441241917212" }, "name": "Azure SQL Server Firewall Rule", "description": "This module deploys an Azure SQL Server Firewall Rule.", @@ -2137,8 +2137,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3695719618066271143" + "version": "0.22.6.54827", + "templateHash": "6942471200332924480" }, "name": "Azure SQL Server Virtual Network Rules", "description": "This module deploys an Azure SQL Server Virtual Network Rule.", @@ -2269,8 +2269,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11767059399657225890" + "version": "0.22.6.54827", + "templateHash": "13278850436753309790" }, "name": "Azure SQL Server Security Alert Policies", "description": "This module deploys an Azure SQL Server Security Alert Policy.", @@ -2440,8 +2440,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7320869198261602557" + "version": "0.22.6.54827", + "templateHash": "10943798083405880032" }, "name": "Azure SQL Server Vulnerability Assessments", "description": "This module deploys an Azure SQL Server Vulnerability Assessment.", 
@@ -2588,8 +2588,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3865700430562721282" + "version": "0.22.6.54827", + "templateHash": "11118825836661698100" }, "name": "Azure SQL Server Keys", "description": "This module deploys an Azure SQL Server Key.", @@ -2721,8 +2721,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16115324341422318865" + "version": "0.22.6.54827", + "templateHash": "1128739845456097575" }, "name": "Azure SQL Server Encryption Protector", "description": "This module deploys an Azure SQL Server Encryption Protector.", diff --git a/modules/sql/server/security-alert-policy/README.md b/modules/sql/server/security-alert-policy/README.md index db18f7b06f..765094b147 100644 --- a/modules/sql/server/security-alert-policy/README.md +++ b/modules/sql/server/security-alert-policy/README.md 
@@ -19,33 +19,102 @@ This module deploys an Azure SQL Server Security Alert Policy. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the Security Alert Policy. | +| [`name`](#parameter-name) | string | The name of the Security Alert Policy. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `serverName` | string | The name of the parent SQL Server. Required if the template is used in a standalone deployment. | +| [`serverName`](#parameter-servername) | string | The name of the parent SQL Server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `disabledAlerts` | array | `[]` | | Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force. | -| `emailAccountAdmins` | bool | `False` | | Specifies that the alert is sent to the account administrators. | -| `emailAddresses` | array | `[]` | | Specifies an array of email addresses to which the alert is sent. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `retentionDays` | int | `0` | | Specifies the number of days to keep in the Threat Detection audit logs. | -| `state` | string | `'Disabled'` | `[Disabled, Enabled]` | Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database. | -| `storageAccountAccessKey` | securestring | `''` | | Specifies the identifier key of the Threat Detection audit storage account.. | -| `storageEndpoint` | string | `''` | | Specifies the blob storage endpoint. This blob storage will hold all Threat Detection audit logs. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`disabledAlerts`](#parameter-disabledalerts) | array | Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force. | +| [`emailAccountAdmins`](#parameter-emailaccountadmins) | bool | Specifies that the alert is sent to the account administrators. | +| [`emailAddresses`](#parameter-emailaddresses) | array | Specifies an array of email addresses to which the alert is sent. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`retentionDays`](#parameter-retentiondays) | int | Specifies the number of days to keep in the Threat Detection audit logs. | +| [`state`](#parameter-state) | string | Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database. | +| [`storageAccountAccessKey`](#parameter-storageaccountaccesskey) | securestring | Specifies the identifier key of the Threat Detection audit storage account.. | +| [`storageEndpoint`](#parameter-storageendpoint) | string | Specifies the blob storage endpoint. This blob storage will hold all Threat Detection audit logs. | + +### Parameter: `disabledAlerts` + +Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `emailAccountAdmins` + +Specifies that the alert is sent to the account administrators. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `emailAddresses` + +Specifies an array of email addresses to which the alert is sent. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the Security Alert Policy. +- Required: Yes +- Type: string + +### Parameter: `retentionDays` + +Specifies the number of days to keep in the Threat Detection audit logs. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `serverName` + +The name of the parent SQL Server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `state` + +Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `storageAccountAccessKey` + +Specifies the identifier key of the Threat Detection audit storage account.. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `storageEndpoint` + +Specifies the blob storage endpoint. This blob storage will hold all Threat Detection audit logs. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed security alert policy. | | `resourceGroupName` | string | The resource group of the deployed security alert policy. | diff --git a/modules/sql/server/security-alert-policy/main.json b/modules/sql/server/security-alert-policy/main.json index 6855d265d5..5e45eacbe7 100644 --- a/modules/sql/server/security-alert-policy/main.json +++ b/modules/sql/server/security-alert-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15954751031444198635" + "version": "0.22.6.54827", + "templateHash": "13278850436753309790" }, "name": "Azure SQL Server Security Alert Policies", "description": "This module deploys an Azure SQL Server Security Alert Policy.", 
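Review bot: In modules/sql/server/security-alert-policy/README.md, `serverName` is listed under **Conditional parameters** ("Required if the template is used in a standalone deployment") while its generated `### Parameter: serverName` section states `- Required: Yes`, so the two places contradict each other. The same pair appears in the firewall-rule and key READMEs earlier in this patch. Suggest the generator emit a distinct value for conditional parameters, or repeat the condition in the bullet, instead of a flat Yes. In the same hunk, `disabledAlerts` carries its allowed values only in the description, so no `- Allowed:` bullet is produced for it, and the `storageAccountAccessKey` description still ends in `..`; both are better fixed in the template's parameter descriptions so the next regeneration picks them up.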
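Review bot: In modules/sql/server/firewall-rule/README.md the `Default Value` column is dropped from the overview table, so the fact that `startIpAddress` and `endIpAddress` both default to `'0.0.0.0'` is now visible only in the per-parameter sections further down. Per the descriptions that value stands for all Azure-internal IP addresses, which means a deployment that sets neither parameter creates a rule for that whole range. Suggest calling this out in the README's `## Notes` section, or keeping the default visible in the table for parameters that change network exposure.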
diff --git a/modules/sql/server/virtual-network-rule/README.md b/modules/sql/server/virtual-network-rule/README.md index 94da54fc6f..9124257799 100644 --- a/modules/sql/server/virtual-network-rule/README.md +++ b/modules/sql/server/virtual-network-rule/README.md 
@@ -19,28 +19,60 @@ This module deploys an Azure SQL Server Virtual Network Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the Server Virtual Network Rule. | -| `virtualNetworkSubnetId` | string | The resource ID of the virtual network subnet. | +| [`name`](#parameter-name) | string | The name of the Server Virtual Network Rule. | +| [`virtualNetworkSubnetId`](#parameter-virtualnetworksubnetid) | string | The resource ID of the virtual network subnet. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `serverName` | string | The name of the parent SQL Server. Required if the template is used in a standalone deployment. | +| [`serverName`](#parameter-servername) | string | The name of the parent SQL Server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ignoreMissingVnetServiceEndpoint` | bool | `False` | Allow creating a firewall rule before the virtual network has vnet service endpoint enabled. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ignoreMissingVnetServiceEndpoint`](#parameter-ignoremissingvnetserviceendpoint) | bool | Allow creating a firewall rule before the virtual network has vnet service endpoint enabled. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ignoreMissingVnetServiceEndpoint` + +Allow creating a firewall rule before the virtual network has vnet service endpoint enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `name` + +The name of the Server Virtual Network Rule. +- Required: Yes +- Type: string + +### Parameter: `serverName` + +The name of the parent SQL Server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `virtualNetworkSubnetId` + +The resource ID of the virtual network subnet. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed virtual network rule. | | `resourceGroupName` | string | The resource group of the deployed virtual network rule. | diff --git a/modules/sql/server/virtual-network-rule/main.json b/modules/sql/server/virtual-network-rule/main.json index e2db4b658a..b718729e1a 100644 --- a/modules/sql/server/virtual-network-rule/main.json +++ b/modules/sql/server/virtual-network-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8465167845638762436" + "version": "0.22.6.54827", + "templateHash": "6942471200332924480" }, "name": "Azure SQL Server Virtual Network Rules", "description": "This module deploys an Azure SQL Server Virtual Network Rule.", diff --git a/modules/sql/server/vulnerability-assessment/README.md b/modules/sql/server/vulnerability-assessment/README.md index 19d8e43fdd..ca920e3719 100644 --- a/modules/sql/server/vulnerability-assessment/README.md +++ b/modules/sql/server/vulnerability-assessment/README.md 
@@ -19,25 +19,72 @@ This module deploys an Azure SQL Server Vulnerability Assessment. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the vulnerability assessment. | -| `serverName` | string | The Name of SQL Server. | +| [`name`](#parameter-name) | string | The name of the vulnerability assessment. | +| [`serverName`](#parameter-servername) | string | The Name of SQL Server. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `recurringScansEmails` | array | `[]` | Specifies an array of email addresses to which the scan notification is sent. | -| `recurringScansEmailSubscriptionAdmins` | bool | `False` | Specifies that the schedule scan notification will be is sent to the subscription administrators. | -| `recurringScansIsEnabled` | bool | `False` | Recurring scans state. | -| `storageAccountResourceId` | string | `''` | A blob storage to hold the scan results. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`recurringScansEmails`](#parameter-recurringscansemails) | array | Specifies an array of email addresses to which the scan notification is sent. | +| [`recurringScansEmailSubscriptionAdmins`](#parameter-recurringscansemailsubscriptionadmins) | bool | Specifies that the schedule scan notification will be is sent to the subscription administrators. | +| [`recurringScansIsEnabled`](#parameter-recurringscansisenabled) | bool | Recurring scans state. | +| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | A blob storage to hold the scan results. 
| + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the vulnerability assessment. +- Required: Yes +- Type: string + +### Parameter: `recurringScansEmails` + +Specifies an array of email addresses to which the scan notification is sent. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `recurringScansEmailSubscriptionAdmins` + +Specifies that the schedule scan notification will be is sent to the subscription administrators. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `recurringScansIsEnabled` + +Recurring scans state. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `serverName` + +The Name of SQL Server. +- Required: Yes +- Type: string + +### Parameter: `storageAccountResourceId` + +A blob storage to hold the scan results. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed vulnerability assessment. | | `resourceGroupName` | string | The resource group of the deployed vulnerability assessment. | diff --git a/modules/sql/server/vulnerability-assessment/main.json b/modules/sql/server/vulnerability-assessment/main.json index 200a3baedf..1e52c4fa98 100644 --- a/modules/sql/server/vulnerability-assessment/main.json +++ b/modules/sql/server/vulnerability-assessment/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13755079853951277921" + "version": "0.22.6.54827", + "templateHash": "10943798083405880032" }, "name": "Azure SQL Server Vulnerability Assessments", "description": "This module deploys an Azure SQL Server Vulnerability Assessment.", 
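Review bot: In modules/sql/server/vulnerability-assessment/README.md the `recurringScansEmailSubscriptionAdmins` description reads "will be is sent", and with the new layout that wording is now emitted twice, once in the table row and once in the `### Parameter:` section; `serverName` likewise reads "The Name of SQL Server." in both places. Since the README is generated, suggest correcting the two parameter descriptions in the module template and regenerating rather than editing the README. The virtual-network-rule README in this patch also shows `serverName` under **Conditional parameters** with `- Required: Yes` in its detail section, which needs the same treatment as the other child modules.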
diff --git a/modules/storage/storage-account/.test/common/main.test.bicep b/modules/storage/storage-account/.test/common/main.test.bicep index 57323509f2..4a706b1279 100644 --- a/modules/storage/storage-account/.test/common/main.test.bicep +++ b/modules/storage/storage-account/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/storage/storage-account/.test/min/main.test.bicep b/modules/storage/storage-account/.test/min/main.test.bicep index e28ad38d60..c96293aff1 100644 --- a/modules/storage/storage-account/.test/min/main.test.bicep +++ b/modules/storage/storage-account/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/storage/storage-account/README.md b/modules/storage/storage-account/README.md index 571fa9e6d7..257e7ecc6c 100644 --- a/modules/storage/storage-account/README.md +++ b/modules/storage/storage-account/README.md @@ -4,14 +4,14 @@ This module deploys a Storage Account. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -33,106 +33,31 @@ This module deploys a Storage Account. | `Microsoft.Storage/storageAccounts/tableServices` | [2021-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/tableServices) | | `Microsoft.Storage/storageAccounts/tableServices/tables` | [2021-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/tableServices/tables) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Storage Account. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `accessTier` | string | `'Hot'` | `[Cool, Hot, Premium]` | Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The "Premium" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type. | -| `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | -| `enableHierarchicalNamespace` | bool | `False` | | If true, enables Hierarchical Namespace for the storage account. Required if enableSftp or enableNfsV3 is set to true. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowBlobPublicAccess` | bool | `False` | | Indicates whether public access is enabled for all blobs or containers in the storage account. For security reasons, it is recommended to set it to false. 
| -| `allowCrossTenantReplication` | bool | `True` | | Allow or disallow cross AAD tenant object replication. | -| `allowedCopyScope` | string | `''` | `['', AAD, PrivateLink]` | Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet. | -| `allowSharedKeyAccess` | bool | `True` | | Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true. | -| `azureFilesIdentityBasedAuthentication` | object | `{object}` | | Provides the identity based authentication settings for Azure Files. | -| `blobServices` | object | `{object}` | | Blob service and containers to deploy. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, latest is used. | -| `customDomainName` | string | `''` | | Sets the custom domain name assigned to the storage account. Name is the CNAME source. | -| `customDomainUseSubDomainName` | bool | `False` | | Indicates whether indirect CName validation is enabled. This should only be set on updates. | -| `defaultToOAuthAuthentication` | bool | `False` | | A boolean flag which indicates whether the default authentication is OAuth or not. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| -| `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `dnsEndpointType` | string | `''` | `['', AzureDnsZone, Standard]` | Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableNfsV3` | bool | `False` | | If true, enables NFS 3.0 support for the storage account. Requires enableHierarchicalNamespace to be true. | -| `enableSftp` | bool | `False` | | If true, enables Secure File Transfer Protocol for the storage account. Requires enableHierarchicalNamespace to be true. | -| `fileServices` | object | `{object}` | | File service and shares to deploy. | -| `isLocalUserEnabled` | bool | `False` | | Enables local users feature, if set to true. | -| `kind` | string | `'StorageV2'` | `[BlobStorage, BlockBlobStorage, FileStorage, Storage, StorageV2]` | Type of Storage Account to create. | -| `largeFileSharesState` | string | `'Disabled'` | `[Disabled, Enabled]` | Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares). | -| `localUsers` | array | `[]` | | Local users to deploy for SFTP authentication. 
| -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managementPolicyRules` | array | `[]` | | The Storage Account ManagementPolicies Rules. | -| `minimumTlsVersion` | string | `'TLS1_2'` | `[TLS1_0, TLS1_1, TLS1_2]` | Set the minimum TLS version on request to storage. | -| `networkAcls` | object | `{object}` | | Networks ACLs, this value contains IPs to whitelist and/or Subnet information. For security reasons, it is recommended to set the DefaultAction Deny. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. | -| `queueServices` | object | `{object}` | | Queue service and queues to create. | -| `requireInfrastructureEncryption` | bool | `True` | | A Boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. For security reasons, it is recommended to set it to true. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sasExpirationPeriod` | string | `''` | | The SAS expiration period. DD.HH:MM:SS. 
| -| `skuName` | string | `'Standard_GRS'` | `[Premium_LRS, Premium_ZRS, Standard_GRS, Standard_GZRS, Standard_LRS, Standard_RAGRS, Standard_RAGZRS, Standard_ZRS]` | Storage Account Sku Name. | -| `supportsHttpsTrafficOnly` | bool | `True` | | Allows HTTPS traffic only to storage service if sets to true. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tableServices` | object | `{object}` | | Table service and tables to create. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed storage account. | -| `primaryBlobEndpoint` | string | The primary blob endpoint reference if blob services are deployed. | -| `resourceGroupName` | string | The resource group of the deployed storage account. | -| `resourceId` | string | The resource ID of the deployed storage account. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | +## Usage examples -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
-| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/storage.storage-account:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) +- [Nfs](#example-4-nfs) +- [V1](#example-5-v1) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module storageAccount './storage/storage-account/main.bicep' = { +module storageAccount 'br:bicep/modules/storage.storage-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ssacom' params: { // Required parameters @@ -654,14 +579,14 @@ module storageAccount './storage/storage-account/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module storageAccount './storage/storage-account/main.bicep' = { +module storageAccount 'br:bicep/modules/storage.storage-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ssaencr' params: { // Required parameters @@ -825,14 +750,17 @@ module storageAccount './storage/storage-account/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module storageAccount './storage/storage-account/main.bicep' = { +module storageAccount 'br:bicep/modules/storage.storage-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ssamin' params: { // Required parameters @@ -874,14 +802,14 @@ module storageAccount './storage/storage-account/main.bicep' = {

-

Example 4: Nfs

+### Example 4: _Nfs_
via Bicep module ```bicep -module storageAccount './storage/storage-account/main.bicep' = { +module storageAccount 'br:bicep/modules/storage.storage-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ssanfs' params: { // Required parameters @@ -1017,14 +945,14 @@ module storageAccount './storage/storage-account/main.bicep' = {

-

Example 5: V1

+### Example 5: _V1_
via Bicep module ```bicep -module storageAccount './storage/storage-account/main.bicep' = { +module storageAccount 'br:bicep/modules/storage.storage-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ssav1' params: { // Required parameters @@ -1083,6 +1011,436 @@ module storageAccount './storage/storage-account/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Storage Account. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`accessTier`](#parameter-accesstier) | string | Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The "Premium" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type. | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | +| [`enableHierarchicalNamespace`](#parameter-enablehierarchicalnamespace) | bool | If true, enables Hierarchical Namespace for the storage account. Required if enableSftp or enableNfsV3 is set to true. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowBlobPublicAccess`](#parameter-allowblobpublicaccess) | bool | Indicates whether public access is enabled for all blobs or containers in the storage account. For security reasons, it is recommended to set it to false. | +| [`allowCrossTenantReplication`](#parameter-allowcrosstenantreplication) | bool | Allow or disallow cross AAD tenant object replication. | +| [`allowedCopyScope`](#parameter-allowedcopyscope) | string | Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet. 
| +| [`allowSharedKeyAccess`](#parameter-allowsharedkeyaccess) | bool | Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true. | +| [`azureFilesIdentityBasedAuthentication`](#parameter-azurefilesidentitybasedauthentication) | object | Provides the identity based authentication settings for Azure Files. | +| [`blobServices`](#parameter-blobservices) | object | Blob service and containers to deploy. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, latest is used. | +| [`customDomainName`](#parameter-customdomainname) | string | Sets the custom domain name assigned to the storage account. Name is the CNAME source. | +| [`customDomainUseSubDomainName`](#parameter-customdomainusesubdomainname) | bool | Indicates whether indirect CName validation is enabled. This should only be set on updates. | +| [`defaultToOAuthAuthentication`](#parameter-defaulttooauthauthentication) | bool | A boolean flag which indicates whether the default authentication is OAuth or not. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`dnsEndpointType`](#parameter-dnsendpointtype) | string | Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableNfsV3`](#parameter-enablenfsv3) | bool | If true, enables NFS 3.0 support for the storage account. Requires enableHierarchicalNamespace to be true. | +| [`enableSftp`](#parameter-enablesftp) | bool | If true, enables Secure File Transfer Protocol for the storage account. Requires enableHierarchicalNamespace to be true. | +| [`fileServices`](#parameter-fileservices) | object | File service and shares to deploy. | +| [`isLocalUserEnabled`](#parameter-islocaluserenabled) | bool | Enables local users feature, if set to true. | +| [`kind`](#parameter-kind) | string | Type of Storage Account to create. | +| [`largeFileSharesState`](#parameter-largefilesharesstate) | string | Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares). 
| +| [`localUsers`](#parameter-localusers) | array | Local users to deploy for SFTP authentication. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managementPolicyRules`](#parameter-managementpolicyrules) | array | The Storage Account ManagementPolicies Rules. | +| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | Set the minimum TLS version on request to storage. | +| [`networkAcls`](#parameter-networkacls) | object | Networks ACLs, this value contains IPs to whitelist and/or Subnet information. For security reasons, it is recommended to set the DefaultAction Deny. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. | +| [`queueServices`](#parameter-queueservices) | object | Queue service and queues to create. | +| [`requireInfrastructureEncryption`](#parameter-requireinfrastructureencryption) | bool | A Boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. For security reasons, it is recommended to set it to true. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sasExpirationPeriod`](#parameter-sasexpirationperiod) | string | The SAS expiration period. DD.HH:MM:SS. | +| [`skuName`](#parameter-skuname) | string | Storage Account Sku Name. | +| [`supportsHttpsTrafficOnly`](#parameter-supportshttpstrafficonly) | bool | Allows HTTPS traffic only to storage service if sets to true. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tableServices`](#parameter-tableservices) | object | Table service and tables to create. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `accessTier` + +Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The "Premium" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type. +- Required: No +- Type: string +- Default: `'Hot'` +- Allowed: `[Cool, Hot, Premium]` + +### Parameter: `allowBlobPublicAccess` + +Indicates whether public access is enabled for all blobs or containers in the storage account. For security reasons, it is recommended to set it to false. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `allowCrossTenantReplication` + +Allow or disallow cross AAD tenant object replication. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `allowedCopyScope` + +Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', AAD, PrivateLink]` + +### Parameter: `allowSharedKeyAccess` + +Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `azureFilesIdentityBasedAuthentication` + +Provides the identity based authentication settings for Azure Files. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `blobServices` + +Blob service and containers to deploy. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, latest is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `customDomainName` + +Sets the custom domain name assigned to the storage account. Name is the CNAME source. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `customDomainUseSubDomainName` + +Indicates whether indirect CName validation is enabled. This should only be set on updates. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `defaultToOAuthAuthentication` + +A boolean flag which indicates whether the default authentication is OAuth or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[Transaction]` +- Allowed: `[Transaction]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dnsEndpointType` + +Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', AzureDnsZone, Standard]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableHierarchicalNamespace` + +If true, enables Hierarchical Namespace for the storage account. Required if enableSftp or enableNfsV3 is set to true. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableNfsV3` + +If true, enables NFS 3.0 support for the storage account. Requires enableHierarchicalNamespace to be true. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableSftp` + +If true, enables Secure File Transfer Protocol for the storage account. Requires enableHierarchicalNamespace to be true. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `fileServices` + +File service and shares to deploy. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `isLocalUserEnabled` + +Enables local users feature, if set to true. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `kind` + +Type of Storage Account to create. +- Required: No +- Type: string +- Default: `'StorageV2'` +- Allowed: `[BlobStorage, BlockBlobStorage, FileStorage, Storage, StorageV2]` + +### Parameter: `largeFileSharesState` + +Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares). +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `localUsers` + +Local users to deploy for SFTP authentication. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managementPolicyRules` + +The Storage Account ManagementPolicies Rules. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `minimumTlsVersion` + +Set the minimum TLS version on request to storage. +- Required: No +- Type: string +- Default: `'TLS1_2'` +- Allowed: `[TLS1_0, TLS1_1, TLS1_2]` + +### Parameter: `name` + +Name of the Storage Account. +- Required: Yes +- Type: string + +### Parameter: `networkAcls` + +Networks ACLs, this value contains IPs to whitelist and/or Subnet information. For security reasons, it is recommended to set the DefaultAction Deny. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `queueServices` + +Queue service and queues to create. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `requireInfrastructureEncryption` + +A Boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. For security reasons, it is recommended to set it to true. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sasExpirationPeriod` + +The SAS expiration period. DD.HH:MM:SS. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `skuName` + +Storage Account Sku Name. +- Required: No +- Type: string +- Default: `'Standard_GRS'` +- Allowed: `[Premium_LRS, Premium_ZRS, Standard_GRS, Standard_GZRS, Standard_LRS, Standard_RAGRS, Standard_RAGZRS, Standard_ZRS]` + +### Parameter: `supportsHttpsTrafficOnly` + +Allows HTTPS traffic only to storage service if sets to true. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tableServices` + +Table service and tables to create. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed storage account. | +| `primaryBlobEndpoint` | string | The primary blob endpoint reference if blob services are deployed. | +| `resourceGroupName` | string | The resource group of the deployed storage account. | +| `resourceId` | string | The resource ID of the deployed storage account. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. 
| + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + ## Notes This is a generic module for deploying a Storage Account. Any customization for different storage needs (such as a diagnostic or other storage account) need to be done through the Archetype. diff --git a/modules/storage/storage-account/blob-service/README.md b/modules/storage/storage-account/blob-service/README.md index b0c44ced78..366984e3a0 100644 --- a/modules/storage/storage-account/blob-service/README.md +++ b/modules/storage/storage-account/blob-service/README.md 
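Review bot: In the `## Usage examples` hunks of `modules/storage/storage-account/README.md`, the reference `br:bicep/modules/storage.storage-account:1.0.0` is introduced with "please use the following syntax" and then repeated in all five examples, but nothing says that `bicep` stands in for a registry or that `1.0.0` must match a published version. Say explicitly that both are placeholders to replace with the reader's own registry and a version they have pinned. Examples 2 (_Encr_), 4 (_Nfs_) and 5 (_V1_) also lack the one-line "This instance deploys ..." description that Examples 1 and 3 received, so their headings and table-of-contents entries are just the test folder names.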
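Review bot: In the `## Parameters` section added to `modules/storage/storage-account/README.md` (hunk `@@ -1083,6 +1011,436 @@`), every parameter listed under **Conditional parameters** (`accessTier`, `cMKKeyVaultResourceId`, `cMKUserAssignedIdentityResourceId`, `enableHierarchicalNamespace`) renders `- Required: No` in its detail block, which contradicts descriptions such as "Required if 'cMKKeyName' is not empty". Have the generator emit the condition, or a distinct value for conditional parameters, instead of `No`. Two smaller points in the same hunk: the `dnsEndpointType` description tells the reader to set `AzureDNSZone` while the allowed list spells it `AzureDnsZone`, and the re-added Cross-referenced modules paragraph still says "other CARML modules" although the contribution guide in this same change now refers to the AVM library.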
@@ -23,43 +23,219 @@ This module deploys a Storage Account Blob Service. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | +| [`storageAccountName`](#parameter-storageaccountname) | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `automaticSnapshotPolicyEnabled` | bool | `False` | | Automatic Snapshot is enabled if set to true. | -| `changeFeedEnabled` | bool | `True` | | The blob service properties for change feed events. Indicates whether change feed event logging is enabled for the Blob service. | -| `changeFeedRetentionInDays` | int | `7` | | Indicates whether change feed event logging is enabled for the Blob service. Indicates the duration of changeFeed retention in days. A "0" value indicates an infinite retention of the change feed. | -| `containerDeleteRetentionPolicyAllowPermanentDelete` | bool | `False` | | This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used with blob restore policy. This property only applies to blob service and does not apply to containers or file share. | -| `containerDeleteRetentionPolicyDays` | int | `7` | | Indicates the number of days that the deleted item should be retained. | -| `containerDeleteRetentionPolicyEnabled` | bool | `True` | | The blob service properties for container soft delete. Indicates whether DeleteRetentionPolicy is enabled. | -| `containers` | array | `[]` | | Blob containers to create. | -| `corsRules` | array | `[]` | | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. 
If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | -| `defaultServiceVersion` | string | `''` | | Indicates the default version to use for requests to the Blob service if an incoming request's version is not specified. Possible values include version 2008-10-27 and all more recent versions. | -| `deleteRetentionPolicyAllowPermanentDelete` | bool | `False` | | This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used with blob restore policy. This property only applies to blob service and does not apply to containers or file share. | -| `deleteRetentionPolicyDays` | int | `7` | | Indicates the number of days that the deleted blob should be retained. | -| `deleteRetentionPolicyEnabled` | bool | `True` | | The blob service properties for blob soft delete. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, StorageDelete, StorageRead, StorageWrite]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. 
| -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of a log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `isVersioningEnabled` | bool | `True` | | Use versioning to automatically maintain previous versions of your blobs. | -| `lastAccessTimeTrackingPolicyEnabled` | bool | `False` | | The blob service property to configure last access time based tracking policy. When set to true last access time based tracking is enabled. | -| `restorePolicyDays` | int | `6` | | how long this blob can be restored. It should be less than DeleteRetentionPolicy days. | -| `restorePolicyEnabled` | bool | `True` | | The blob service properties for blob restore policy. If point-in-time restore is enabled, then versioning, change feed, and blob soft delete must also be enabled. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`automaticSnapshotPolicyEnabled`](#parameter-automaticsnapshotpolicyenabled) | bool | Automatic Snapshot is enabled if set to true. | +| [`changeFeedEnabled`](#parameter-changefeedenabled) | bool | The blob service properties for change feed events. Indicates whether change feed event logging is enabled for the Blob service. | +| [`changeFeedRetentionInDays`](#parameter-changefeedretentionindays) | int | Indicates whether change feed event logging is enabled for the Blob service. Indicates the duration of changeFeed retention in days. A "0" value indicates an infinite retention of the change feed. | +| [`containerDeleteRetentionPolicyAllowPermanentDelete`](#parameter-containerdeleteretentionpolicyallowpermanentdelete) | bool | This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used with blob restore policy. This property only applies to blob service and does not apply to containers or file share. 
| +| [`containerDeleteRetentionPolicyDays`](#parameter-containerdeleteretentionpolicydays) | int | Indicates the number of days that the deleted item should be retained. | +| [`containerDeleteRetentionPolicyEnabled`](#parameter-containerdeleteretentionpolicyenabled) | bool | The blob service properties for container soft delete. Indicates whether DeleteRetentionPolicy is enabled. | +| [`containers`](#parameter-containers) | array | Blob containers to create. | +| [`corsRules`](#parameter-corsrules) | array | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | +| [`defaultServiceVersion`](#parameter-defaultserviceversion) | string | Indicates the default version to use for requests to the Blob service if an incoming request's version is not specified. Possible values include version 2008-10-27 and all more recent versions. | +| [`deleteRetentionPolicyAllowPermanentDelete`](#parameter-deleteretentionpolicyallowpermanentdelete) | bool | This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used with blob restore policy. This property only applies to blob service and does not apply to containers or file share. | +| [`deleteRetentionPolicyDays`](#parameter-deleteretentionpolicydays) | int | Indicates the number of days that the deleted blob should be retained. | +| [`deleteRetentionPolicyEnabled`](#parameter-deleteretentionpolicyenabled) | bool | The blob service properties for blob soft delete. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of a log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`isVersioningEnabled`](#parameter-isversioningenabled) | bool | Use versioning to automatically maintain previous versions of your blobs. | +| [`lastAccessTimeTrackingPolicyEnabled`](#parameter-lastaccesstimetrackingpolicyenabled) | bool | The blob service property to configure last access time based tracking policy. When set to true last access time based tracking is enabled. | +| [`restorePolicyDays`](#parameter-restorepolicydays) | int | how long this blob can be restored. It should be less than DeleteRetentionPolicy days. | +| [`restorePolicyEnabled`](#parameter-restorepolicyenabled) | bool | The blob service properties for blob restore policy. If point-in-time restore is enabled, then versioning, change feed, and blob soft delete must also be enabled. 
| + +### Parameter: `automaticSnapshotPolicyEnabled` + +Automatic Snapshot is enabled if set to true. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `changeFeedEnabled` + +The blob service properties for change feed events. Indicates whether change feed event logging is enabled for the Blob service. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `changeFeedRetentionInDays` + +Indicates whether change feed event logging is enabled for the Blob service. Indicates the duration of changeFeed retention in days. A "0" value indicates an infinite retention of the change feed. +- Required: No +- Type: int +- Default: `7` + +### Parameter: `containerDeleteRetentionPolicyAllowPermanentDelete` + +This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used with blob restore policy. This property only applies to blob service and does not apply to containers or file share. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `containerDeleteRetentionPolicyDays` + +Indicates the number of days that the deleted item should be retained. +- Required: No +- Type: int +- Default: `7` + +### Parameter: `containerDeleteRetentionPolicyEnabled` + +The blob service properties for container soft delete. Indicates whether DeleteRetentionPolicy is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `containers` + +Blob containers to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `corsRules` + +Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `defaultServiceVersion` + +Indicates the default version to use for requests to the Blob service if an incoming request's version is not specified. Possible values include version 2008-10-27 and all more recent versions. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `deleteRetentionPolicyAllowPermanentDelete` + +This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used with blob restore policy. This property only applies to blob service and does not apply to containers or file share. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `deleteRetentionPolicyDays` + +Indicates the number of days that the deleted blob should be retained. +- Required: No +- Type: int +- Default: `7` + +### Parameter: `deleteRetentionPolicyEnabled` + +The blob service properties for blob soft delete. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, StorageDelete, StorageRead, StorageWrite]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. 
+- Required: No +- Type: array +- Default: `[Transaction]` +- Allowed: `[Transaction]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of a log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `isVersioningEnabled` + +Use versioning to automatically maintain previous versions of your blobs. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `lastAccessTimeTrackingPolicyEnabled` + +The blob service property to configure last access time based tracking policy. When set to true last access time based tracking is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `restorePolicyDays` + +how long this blob can be restored. It should be less than DeleteRetentionPolicy days. +- Required: No +- Type: int +- Default: `6` + +### Parameter: `restorePolicyEnabled` + +The blob service properties for blob restore policy. If point-in-time restore is enabled, then versioning, change feed, and blob soft delete must also be enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed blob service. | | `resourceGroupName` | string | The name of the deployed blob service. | 
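Review bot: The description under `### Parameter: changeFeedRetentionInDays` should drop its first sentence, "Indicates whether change feed event logging is enabled for the Blob service.", which is the `changeFeedEnabled` text carried over and says nothing about retention. In the same hunk, `containerDeleteRetentionPolicyAllowPermanentDelete` reuses the blob-level wording that ends "does not apply to containers or file share", which contradicts a container soft-delete setting, and `restorePolicyDays` starts in lower case ("how long this blob can be restored."). Because the ReadMe is generated, these should be corrected in the parameter descriptions of the module template and the file regenerated, not edited here. Also, `storageAccountName` is rendered as `- Required: Yes` although its description says it is only required in a standalone deployment; a distinct value for conditional parameters would be less misleading. The unchanged `resourceGroupName` output row still reads "The name of the deployed blob service." and looks like it should describe the resource group.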
diff --git a/modules/storage/storage-account/blob-service/container/README.md b/modules/storage/storage-account/blob-service/container/README.md index bd2bac4f1e..58e460fa12 100644 --- a/modules/storage/storage-account/blob-service/container/README.md +++ b/modules/storage/storage-account/blob-service/container/README.md 
@@ -21,36 +21,126 @@ This module deploys a Storage Account Blob Container. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the storage container to deploy. | +| [`name`](#parameter-name) | string | The name of the storage container to deploy. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | +| [`storageAccountName`](#parameter-storageaccountname) | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `defaultEncryptionScope` | string | `''` | | Default the container to use specified encryption scope for all writes. | -| `denyEncryptionScopeOverride` | bool | `False` | | Block override of encryption scope from the container default. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableNfsV3AllSquash` | bool | `False` | | Enable NFSv3 all squash on blob container. | -| `enableNfsV3RootSquash` | bool | `False` | | Enable NFSv3 root squash on blob container. | -| `immutabilityPolicyName` | string | `'default'` | | Name of the immutable policy. | -| `immutabilityPolicyProperties` | object | `{object}` | | Configure immutability policy. | -| `immutableStorageWithVersioningEnabled` | bool | `False` | | This is an immutable property, when set to true it enables object level immutability at the container level. The property is immutable and can only be set to true at the container creation time. Existing containers must undergo a migration process. 
| -| `metadata` | object | `{object}` | | A name-value pair to associate with the container as metadata. | -| `publicAccess` | string | `'None'` | `[Blob, Container, None]` | Specifies whether data in the container may be accessed publicly and the level of access. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`defaultEncryptionScope`](#parameter-defaultencryptionscope) | string | Default the container to use specified encryption scope for all writes. | +| [`denyEncryptionScopeOverride`](#parameter-denyencryptionscopeoverride) | bool | Block override of encryption scope from the container default. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableNfsV3AllSquash`](#parameter-enablenfsv3allsquash) | bool | Enable NFSv3 all squash on blob container. | +| [`enableNfsV3RootSquash`](#parameter-enablenfsv3rootsquash) | bool | Enable NFSv3 root squash on blob container. | +| [`immutabilityPolicyName`](#parameter-immutabilitypolicyname) | string | Name of the immutable policy. | +| [`immutabilityPolicyProperties`](#parameter-immutabilitypolicyproperties) | object | Configure immutability policy. | +| [`immutableStorageWithVersioningEnabled`](#parameter-immutablestoragewithversioningenabled) | bool | This is an immutable property, when set to true it enables object level immutability at the container level. The property is immutable and can only be set to true at the container creation time. 
Existing containers must undergo a migration process. | +| [`metadata`](#parameter-metadata) | object | A name-value pair to associate with the container as metadata. | +| [`publicAccess`](#parameter-publicaccess) | string | Specifies whether data in the container may be accessed publicly and the level of access. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +### Parameter: `defaultEncryptionScope` + +Default the container to use specified encryption scope for all writes. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `denyEncryptionScopeOverride` + +Block override of encryption scope from the container default. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableNfsV3AllSquash` + +Enable NFSv3 all squash on blob container. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableNfsV3RootSquash` + +Enable NFSv3 root squash on blob container. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `immutabilityPolicyName` + +Name of the immutable policy. +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `immutabilityPolicyProperties` + +Configure immutability policy. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `immutableStorageWithVersioningEnabled` + +This is an immutable property, when set to true it enables object level immutability at the container level. 
The property is immutable and can only be set to true at the container creation time. Existing containers must undergo a migration process. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `metadata` + +A name-value pair to associate with the container as metadata. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the storage container to deploy. +- Required: Yes +- Type: string + +### Parameter: `publicAccess` + +Specifies whether data in the container may be accessed publicly and the level of access. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[Blob, Container, None]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed container. | | `resourceGroupName` | string | The resource group of the deployed container. | diff --git a/modules/storage/storage-account/blob-service/container/immutability-policy/README.md b/modules/storage/storage-account/blob-service/container/immutability-policy/README.md index d08fe5de35..119022a4e9 100644 --- a/modules/storage/storage-account/blob-service/container/immutability-policy/README.md +++ b/modules/storage/storage-account/blob-service/container/immutability-policy/README.md 
@@ -19,24 +19,64 @@ This module deploys a Storage Account Blob Container Immutability Policy. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `containerName` | string | The name of the parent container to apply the policy to. Required if the template is used in a standalone deployment. | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | +| [`containerName`](#parameter-containername) | string | The name of the parent container to apply the policy to. Required if the template is used in a standalone deployment. | +| [`storageAccountName`](#parameter-storageaccountname) | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `allowProtectedAppendWrites` | bool | `True` | This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. | -| `allowProtectedAppendWritesAll` | bool | `True` | This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both "Append and Block Blobs" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The "allowProtectedAppendWrites" and "allowProtectedAppendWritesAll" properties are mutually exclusive. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `immutabilityPeriodSinceCreationInDays` | int | `365` | The immutability period for the blobs in the container since the policy creation, in days. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowProtectedAppendWrites`](#parameter-allowprotectedappendwrites) | bool | This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. | +| [`allowProtectedAppendWritesAll`](#parameter-allowprotectedappendwritesall) | bool | This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both "Append and Block Blobs" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The "allowProtectedAppendWrites" and "allowProtectedAppendWritesAll" properties are mutually exclusive. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`immutabilityPeriodSinceCreationInDays`](#parameter-immutabilityperiodsincecreationindays) | int | The immutability period for the blobs in the container since the policy creation, in days. | + +### Parameter: `allowProtectedAppendWrites` + +This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `allowProtectedAppendWritesAll` + +This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both "Append and Block Blobs" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The "allowProtectedAppendWrites" and "allowProtectedAppendWritesAll" properties are mutually exclusive. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `containerName` + +The name of the parent container to apply the policy to. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `immutabilityPeriodSinceCreationInDays` + +The immutability period for the blobs in the container since the policy creation, in days. +- Required: No +- Type: int +- Default: `365` + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed immutability policy. | | `resourceGroupName` | string | The resource group of the deployed immutability policy. | diff --git a/modules/storage/storage-account/blob-service/container/immutability-policy/main.json b/modules/storage/storage-account/blob-service/container/immutability-policy/main.json index 3fc5dd3e17..8f5f095161 100644 --- a/modules/storage/storage-account/blob-service/container/immutability-policy/main.json +++ b/modules/storage/storage-account/blob-service/container/immutability-policy/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5668549883344653702" + "version": "0.22.6.54827", + "templateHash": "5294108325383402237" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", diff --git a/modules/storage/storage-account/blob-service/container/main.json b/modules/storage/storage-account/blob-service/container/main.json index 112c4734d2..8c211d81cf 100644 --- a/modules/storage/storage-account/blob-service/container/main.json +++ b/modules/storage/storage-account/blob-service/container/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7500144031846073123" + "version": "0.22.6.54827", + "templateHash": "394166978572431989" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container.", @@ -170,8 +170,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5668549883344653702" + "version": "0.22.6.54827", + "templateHash": "5294108325383402237" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", @@ -309,8 +309,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8600687658951622621" + "version": "0.22.6.54827", + "templateHash": "3779322696347988040" } }, "parameters": { diff --git a/modules/storage/storage-account/blob-service/main.json b/modules/storage/storage-account/blob-service/main.json index 49c255f2fa..4a0a989e48 100644 --- a/modules/storage/storage-account/blob-service/main.json +++ b/modules/storage/storage-account/blob-service/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16838270897726250953" + "version": "0.22.6.54827", + "templateHash": "7606881916546008936" }, "name": "Storage Account blob Services", "description": "This module deploys a Storage Account Blob Service.", @@ -341,8 +341,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7500144031846073123" + "version": "0.22.6.54827", + "templateHash": "394166978572431989" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container.", @@ -507,8 +507,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5668549883344653702" + "version": "0.22.6.54827", + "templateHash": "5294108325383402237" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", @@ -646,8 +646,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8600687658951622621" + "version": "0.22.6.54827", + "templateHash": "3779322696347988040" } }, "parameters": { diff --git a/modules/storage/storage-account/file-service/README.md b/modules/storage/storage-account/file-service/README.md index 5ccef9ca69..1593b168b2 100644 --- a/modules/storage/storage-account/file-service/README.md +++ b/modules/storage/storage-account/file-service/README.md 
@@ -22,31 +22,123 @@ This module deploys a Storage Account File Share Service. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | +| [`storageAccountName`](#parameter-storageaccountname) | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, StorageDelete, StorageRead, StorageWrite]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of a log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `'default'` | | The name of the file service. 
| -| `protocolSettings` | object | `{object}` | | Protocol settings for file service. | -| `shareDeleteRetentionPolicy` | object | `{object}` | | The service properties for soft delete. | -| `shares` | array | `[]` | | File shares to create. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of a log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the file service. | +| [`protocolSettings`](#parameter-protocolsettings) | object | Protocol settings for file service. | +| [`shareDeleteRetentionPolicy`](#parameter-sharedeleteretentionpolicy) | object | The service properties for soft delete. 
| +| [`shares`](#parameter-shares) | array | File shares to create. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, StorageDelete, StorageRead, StorageWrite]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[Transaction]` +- Allowed: `[Transaction]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of a log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the file service. +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `protocolSettings` + +Protocol settings for file service. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `shareDeleteRetentionPolicy` + +The service properties for soft delete. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `shares` + +File shares to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed file share service. | | `resourceGroupName` | string | The resource group of the deployed file share service. | diff --git a/modules/storage/storage-account/file-service/main.json b/modules/storage/storage-account/file-service/main.json index f4601e248a..047c971b7f 100644 --- a/modules/storage/storage-account/file-service/main.json +++ b/modules/storage/storage-account/file-service/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17282775888269025572" + "version": "0.22.6.54827", + "templateHash": "9522240963883457114" }, "name": "Storage Account File Share Services", "description": "This module deploys a Storage Account File Share Service.", @@ -224,8 +224,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15634855845265993886" + "version": "0.22.6.54827", + "templateHash": "10078506011156678451" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -370,8 +370,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17068545632348399169" + "version": "0.22.6.54827", + "templateHash": "11207645433031461361" } }, "parameters": { 
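Review bot: The Bicep compiler bump in the `_generator` blocks of `file-service/main.json` (`"version"` from 0.20.4.51522 to 0.22.6.54827, each with a new `"templateHash"`) should be called out in the PR description or split into its own commit, since the stated purpose of the change is the ReadMe format. The three hunks shown for this file touch only generator metadata, so a reviewer cannot tell from them whether the compiled template is otherwise identical. Pinning the Bicep version wherever `Set-Module` builds the templates would keep contributors on other compiler versions from producing hash-only diffs that bury real template changes.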
diff --git a/modules/storage/storage-account/file-service/share/README.md b/modules/storage/storage-account/file-service/share/README.md index 5513c20483..1e20ba6c67 100644 --- a/modules/storage/storage-account/file-service/share/README.md +++ b/modules/storage/storage-account/file-service/share/README.md 
@@ -20,32 +20,96 @@ This module deploys a Storage Account File Share. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the file share to create. | +| [`name`](#parameter-name) | string | The name of the file share to create. | **Conditional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `accessTier` | string | `'TransactionOptimized'` | `[Cool, Hot, Premium, TransactionOptimized]` | Access tier for specific share. Required if the Storage Account kind is set to FileStorage (should be set to "Premium"). GpV2 account can choose between TransactionOptimized (default), Hot, and Cool. | -| `fileServicesName` | string | `'default'` | | The name of the parent file service. Required if the template is used in a standalone deployment. | -| `storageAccountName` | string | | | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`accessTier`](#parameter-accesstier) | string | Access tier for specific share. Required if the Storage Account kind is set to FileStorage (should be set to "Premium"). GpV2 account can choose between TransactionOptimized (default), Hot, and Cool. | +| [`fileServicesName`](#parameter-fileservicesname) | string | The name of the parent file service. Required if the template is used in a standalone deployment. | +| [`storageAccountName`](#parameter-storageaccountname) | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `enabledProtocols` | string | `'SMB'` | `[NFS, SMB]` | The authentication protocol that is used for the file share. Can only be specified when creating a share. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `rootSquash` | string | `'NoRootSquash'` | `[AllSquash, NoRootSquash, RootSquash]` | Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares. | -| `shareQuota` | int | `5120` | | The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5120 (5TB). For Large File Shares, the maximum size is 102400 (100TB). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enabledProtocols`](#parameter-enabledprotocols) | string | The authentication protocol that is used for the file share. Can only be specified when creating a share. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| +| [`rootSquash`](#parameter-rootsquash) | string | Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares. | +| [`shareQuota`](#parameter-sharequota) | int | The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5120 (5TB). For Large File Shares, the maximum size is 102400 (100TB). | + +### Parameter: `accessTier` + +Access tier for specific share. Required if the Storage Account kind is set to FileStorage (should be set to "Premium"). GpV2 account can choose between TransactionOptimized (default), Hot, and Cool. +- Required: No +- Type: string +- Default: `'TransactionOptimized'` +- Allowed: `[Cool, Hot, Premium, TransactionOptimized]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enabledProtocols` + +The authentication protocol that is used for the file share. Can only be specified when creating a share. +- Required: No +- Type: string +- Default: `'SMB'` +- Allowed: `[NFS, SMB]` + +### Parameter: `fileServicesName` + +The name of the parent file service. Required if the template is used in a standalone deployment. +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `name` + +The name of the file share to create. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `rootSquash` + +Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares. +- Required: No +- Type: string +- Default: `'NoRootSquash'` +- Allowed: `[AllSquash, NoRootSquash, RootSquash]` + +### Parameter: `shareQuota` + +The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5120 (5TB). For Large File Shares, the maximum size is 102400 (100TB). +- Required: No +- Type: int +- Default: `5120` + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed file share. | | `resourceGroupName` | string | The resource group of the deployed file share. | diff --git a/modules/storage/storage-account/file-service/share/main.json b/modules/storage/storage-account/file-service/share/main.json index 71c38945c6..8e0004213f 100644 --- a/modules/storage/storage-account/file-service/share/main.json +++ b/modules/storage/storage-account/file-service/share/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15634855845265993886" + "version": "0.22.6.54827", + "templateHash": "10078506011156678451" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -150,8 +150,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17068545632348399169" + "version": "0.22.6.54827", + "templateHash": "11207645433031461361" } }, "parameters": { 
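Review bot: In the generated detail sections of file-service/share/README.md, the three conditional parameters are labelled inconsistently: `storageAccountName` gets `- Required: Yes`, while `accessTier` and `fileServicesName` get `- Required: No`, although all three are listed under **Conditional parameters** and their descriptions say "Required if ...". From the visible output the flag seems to follow only whether a default exists, so the detail section drops the conditional status that the summary table carries, and a reader who jumps to the anchor sees a plain Yes or No. Suggest the generator emit a distinct value for this group (for example `- Required: Conditional`, wording is only a suggestion) or repeat the group name in the detail section. The same `storageAccountName` rendering recurs in the local-user, management-policy, queue-service, queue and table-service READMEs in this patch.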
diff --git a/modules/storage/storage-account/local-user/README.md b/modules/storage/storage-account/local-user/README.md index 2fdd397e85..9f2197327d 100644 --- a/modules/storage/storage-account/local-user/README.md +++ b/modules/storage/storage-account/local-user/README.md 
@@ -19,32 +19,90 @@ This module deploys a Storage Account Local User, which is used for SFTP authent **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `hasSshKey` | bool | Indicates whether SSH key exists. Set it to false to remove existing SSH key. | -| `hasSshPassword` | bool | Indicates whether SSH password exists. Set it to false to remove existing SSH password. | -| `name` | string | The name of the local user used for SFTP Authentication. | -| `permissionScopes` | array | The permission scopes of the local user. | +| [`hasSshKey`](#parameter-hassshkey) | bool | Indicates whether SSH key exists. Set it to false to remove existing SSH key. | +| [`hasSshPassword`](#parameter-hassshpassword) | bool | Indicates whether SSH password exists. Set it to false to remove existing SSH password. | +| [`name`](#parameter-name) | string | The name of the local user used for SFTP Authentication. | +| [`permissionScopes`](#parameter-permissionscopes) | array | The permission scopes of the local user. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | +| [`storageAccountName`](#parameter-storageaccountname) | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `hasSharedKey` | bool | `False` | Indicates whether shared key exists. Set it to false to remove existing shared key. | -| `homeDirectory` | string | `''` | The local user home directory. 
| -| `sshAuthorizedKeys` | array | `[]` | The local user SSH authorized keys for SFTP. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`hasSharedKey`](#parameter-hassharedkey) | bool | Indicates whether shared key exists. Set it to false to remove existing shared key. | +| [`homeDirectory`](#parameter-homedirectory) | string | The local user home directory. | +| [`sshAuthorizedKeys`](#parameter-sshauthorizedkeys) | array | The local user SSH authorized keys for SFTP. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hasSharedKey` + +Indicates whether shared key exists. Set it to false to remove existing shared key. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `hasSshKey` + +Indicates whether SSH key exists. Set it to false to remove existing SSH key. +- Required: Yes +- Type: bool + +### Parameter: `hasSshPassword` + +Indicates whether SSH password exists. Set it to false to remove existing SSH password. +- Required: Yes +- Type: bool + +### Parameter: `homeDirectory` + +The local user home directory. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the local user used for SFTP Authentication. +- Required: Yes +- Type: string + +### Parameter: `permissionScopes` + +The permission scopes of the local user. +- Required: Yes +- Type: array + +### Parameter: `sshAuthorizedKeys` + +The local user SSH authorized keys for SFTP. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed local user. | | `resourceGroupName` | string | The resource group of the deployed local user. | diff --git a/modules/storage/storage-account/local-user/main.json b/modules/storage/storage-account/local-user/main.json index 6e9675ae6f..274d270140 100644 --- a/modules/storage/storage-account/local-user/main.json +++ b/modules/storage/storage-account/local-user/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17498007234218946474" + "version": "0.22.6.54827", + "templateHash": "17857562856314258952" }, "name": "Storage Account Local Users", "description": "This module deploys a Storage Account Local User, which is used for SFTP authentication.", diff --git a/modules/storage/storage-account/main.json b/modules/storage/storage-account/main.json index 4d7fd6c0e9..8ffb72979b 100644 --- a/modules/storage/storage-account/main.json +++ b/modules/storage/storage-account/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9455165224264382" + "version": "0.22.6.54827", + "templateHash": "5401777351755094753" }, "name": "Storage Accounts", "description": "This module deploys a Storage Account.", @@ -555,8 +555,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11907799862370162022" + "version": "0.22.6.54827", + "templateHash": "11629900401878342598" } }, "parameters": { @@ -748,8 +748,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", 
@@ -948,8 +948,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1086,8 +1086,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -1293,8 +1293,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17802687193811353215" + "version": "0.22.6.54827", + "templateHash": "7686888659208772167" }, "name": "Storage Account Management Policies", "description": "This module deploys a Storage Account Management Policy.", @@ -1421,8 +1421,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5592009806531122832" + "version": "0.22.6.54827", + "templateHash": "17857562856314258952" }, "name": "Storage Account Local Users", "description": "This module deploys a Storage Account Local User, which is used for SFTP authentication.", @@ -1593,8 +1593,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14857884899377443071" + "version": "0.22.6.54827", + "templateHash": "7606881916546008936" }, "name": "Storage Account blob Services", "description": "This module deploys a Storage Account Blob Service.", @@ -1930,8 +1930,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2160985780685831754" + "version": "0.22.6.54827", + "templateHash": "394166978572431989" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container.", 
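Review bot: The compiled templates are able to drift from one another, as the removed lines in local-user/main.json and in the nested "Storage Account Local Users" block of storage-account/main.json (hunk at -1421) show: the standalone file was built with Bicep `0.20.4.51522` and carried `templateHash` `17498007234218946474`, the nested copy was built with `0.21.1.54444` and carried `5592009806531122832`. After this patch both read `17857562856314258952` under `0.22.6.54827`, which is the state you want, but nothing visible here keeps it that way. Suggest pinning the Bicep version the `Set-Module` utility compiles with and adding a CI step that recompiles every `main.json` and fails on a diff, so a stale or hand-edited compiled template is caught at review time rather than at deployment.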
@@ -2096,8 +2096,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2613657638807054807" + "version": "0.22.6.54827", + "templateHash": "5294108325383402237" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", @@ -2235,8 +2235,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5334204341302869645" + "version": "0.22.6.54827", + "templateHash": "3779322696347988040" } }, "parameters": { @@ -2472,8 +2472,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2386001216210231583" + "version": "0.22.6.54827", + "templateHash": "9522240963883457114" }, "name": "Storage Account File Share Services", "description": "This module deploys a Storage Account File Share Service.", @@ -2692,8 +2692,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14297307444519260355" + "version": "0.22.6.54827", + "templateHash": "10078506011156678451" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -2838,8 +2838,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12515062620278558169" + "version": "0.22.6.54827", + "templateHash": "11207645433031461361" } }, "parameters": { @@ -3076,8 +3076,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1925955822576678061" + "version": "0.22.6.54827", + "templateHash": "2312493242268209495" }, "name": "Storage Account Queue Services", "description": "This module deploys a Storage Account Queue Service.", 
@@ -3264,8 +3264,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9907508200314623520" + "version": "0.22.6.54827", + "templateHash": "16140546698784234048" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue.", @@ -3364,8 +3364,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "256624618142232879" + "version": "0.22.6.54827", + "templateHash": "4094857207316953942" } }, "parameters": { @@ -3599,8 +3599,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18301751490631788521" + "version": "0.22.6.54827", + "templateHash": "922436323351089615" }, "name": "Storage Account Table Services", "description": "This module deploys a Storage Account Table Service.", @@ -3785,8 +3785,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7147839666884687311" + "version": "0.22.6.54827", + "templateHash": "2215203998686662901" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table.", diff --git a/modules/storage/storage-account/management-policy/README.md b/modules/storage/storage-account/management-policy/README.md index 063b8d60fa..278fea96ea 100644 --- a/modules/storage/storage-account/management-policy/README.md +++ b/modules/storage/storage-account/management-policy/README.md 
@@ -19,26 +19,45 @@ This module deploys a Storage Account Management Policy. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `rules` | array | The Storage Account ManagementPolicies Rules. | +| [`rules`](#parameter-rules) | array | The Storage Account ManagementPolicies Rules. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | +| [`storageAccountName`](#parameter-storageaccountname) | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `rules` + +The Storage Account ManagementPolicies Rules. +- Required: Yes +- Type: array + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed management policy. | | `resourceGroupName` | string | The resource group of the deployed management policy. | 
diff --git a/modules/storage/storage-account/management-policy/main.json b/modules/storage/storage-account/management-policy/main.json index ed8bcbe20d..f559e2b86a 100644 --- a/modules/storage/storage-account/management-policy/main.json +++ b/modules/storage/storage-account/management-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2581396185828179457" + "version": "0.22.6.54827", + "templateHash": "7686888659208772167" }, "name": "Storage Account Management Policies", "description": "This module deploys a Storage Account Management Policy.", diff --git a/modules/storage/storage-account/queue-service/README.md b/modules/storage/storage-account/queue-service/README.md index 043a0b7c67..87bfc9c6fe 100644 --- a/modules/storage/storage-account/queue-service/README.md +++ b/modules/storage/storage-account/queue-service/README.md 
@@ -22,28 +22,99 @@ This module deploys a Storage Account Queue Service. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | +| [`storageAccountName`](#parameter-storageaccountname) | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, StorageDelete, StorageRead, StorageWrite]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of a log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `queues` | array | `[]` | | Queues to create. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of a log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`queues`](#parameter-queues) | array | Queues to create. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, StorageDelete, StorageRead, StorageWrite]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[Transaction]` +- Allowed: `[Transaction]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of a log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `queues` + +Queues to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed file share service. | | `resourceGroupName` | string | The resource group of the deployed file share service. | diff --git a/modules/storage/storage-account/queue-service/main.json b/modules/storage/storage-account/queue-service/main.json index 33a2c49f58..54e5c74b40 100644 --- a/modules/storage/storage-account/queue-service/main.json +++ b/modules/storage/storage-account/queue-service/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3707030790801090324" + "version": "0.22.6.54827", + "templateHash": "2312493242268209495" }, "name": "Storage Account Queue Services", "description": "This module deploys a Storage Account Queue Service.", @@ -192,8 +192,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7293459815655804615" + "version": "0.22.6.54827", + "templateHash": "16140546698784234048" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue.", @@ -292,8 +292,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16848435230262465953" + "version": "0.22.6.54827", + "templateHash": "4094857207316953942" } }, "parameters": { diff --git a/modules/storage/storage-account/queue-service/queue/README.md b/modules/storage/storage-account/queue-service/queue/README.md index e166adc84f..49f5b6d4c5 100644 --- a/modules/storage/storage-account/queue-service/queue/README.md +++ b/modules/storage/storage-account/queue-service/queue/README.md 
@@ -20,28 +20,61 @@ This module deploys a Storage Account Queue. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `metadata` | object | A name-value pair that represents queue metadata. | -| `name` | string | The name of the storage queue to deploy. | +| [`metadata`](#parameter-metadata) | object | A name-value pair that represents queue metadata. | +| [`name`](#parameter-name) | string | The name of the storage queue to deploy. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | +| [`storageAccountName`](#parameter-storageaccountname) | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `metadata` + +A name-value pair that represents queue metadata. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the storage queue to deploy. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed queue. | | `resourceGroupName` | string | The resource group of the deployed queue. | diff --git a/modules/storage/storage-account/queue-service/queue/main.json b/modules/storage/storage-account/queue-service/queue/main.json index 76bb7034e3..f866c3407a 100644 --- a/modules/storage/storage-account/queue-service/queue/main.json +++ b/modules/storage/storage-account/queue-service/queue/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7293459815655804615" + "version": "0.22.6.54827", + "templateHash": "16140546698784234048" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue.", @@ -104,8 +104,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16848435230262465953" + "version": "0.22.6.54827", + "templateHash": "4094857207316953942" } }, "parameters": { diff --git a/modules/storage/storage-account/table-service/README.md b/modules/storage/storage-account/table-service/README.md index 978bb97f0d..9755cafd0b 100644 --- a/modules/storage/storage-account/table-service/README.md +++ b/modules/storage/storage-account/table-service/README.md 
@@ -21,28 +21,99 @@ This module deploys a Storage Account Table Service. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | +| [`storageAccountName`](#parameter-storageaccountname) | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, StorageDelete, StorageRead, StorageWrite]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of a log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `tables` | array | `[]` | | tables to create. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of a log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`tables`](#parameter-tables) | array | tables to create. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, StorageDelete, StorageRead, StorageWrite]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[Transaction]` +- Allowed: `[Transaction]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of a log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `tables` + +tables to create. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed table service. | | `resourceGroupName` | string | The resource group of the deployed table service. | diff --git a/modules/storage/storage-account/table-service/main.json b/modules/storage/storage-account/table-service/main.json index 67a9622a48..eb3354cf6a 100644 --- a/modules/storage/storage-account/table-service/main.json +++ b/modules/storage/storage-account/table-service/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16178057085724361046" + "version": "0.22.6.54827", + "templateHash": "922436323351089615" }, "name": "Storage Account Table Services", "description": "This module deploys a Storage Account Table Service.", @@ -190,8 +190,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3732027241762478422" + "version": "0.22.6.54827", + "templateHash": "2215203998686662901" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table.", diff --git a/modules/storage/storage-account/table-service/table/README.md b/modules/storage/storage-account/table-service/table/README.md index 445120d8b4..4d8bb2da13 100644 --- a/modules/storage/storage-account/table-service/table/README.md +++ b/modules/storage/storage-account/table-service/table/README.md 
@@ -19,26 +19,45 @@ This module deploys a Storage Account Table. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the table. | +| [`name`](#parameter-name) | string | Name of the table. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | +| [`storageAccountName`](#parameter-storageaccountname) | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the table. +- Required: Yes +- Type: string + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed file share service. | | `resourceGroupName` | string | The resource group of the deployed file share service. | diff --git a/modules/storage/storage-account/table-service/table/main.json b/modules/storage/storage-account/table-service/table/main.json index 77c0c6ca08..62a6eae7ba 100644 
--- a/modules/storage/storage-account/table-service/table/main.json +++ b/modules/storage/storage-account/table-service/table/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3732027241762478422" + "version": "0.22.6.54827", + "templateHash": "2215203998686662901" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table.", diff --git a/modules/synapse/private-link-hub/.test/common/main.test.bicep b/modules/synapse/private-link-hub/.test/common/main.test.bicep index b34910f326..fd9d7be35d 100644 --- a/modules/synapse/private-link-hub/.test/common/main.test.bicep +++ b/modules/synapse/private-link-hub/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/synapse/private-link-hub/.test/min/main.test.bicep b/modules/synapse/private-link-hub/.test/min/main.test.bicep index 2430343f70..6c1e056048 100644 --- a/modules/synapse/private-link-hub/.test/min/main.test.bicep +++ b/modules/synapse/private-link-hub/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/synapse/private-link-hub/README.md b/modules/synapse/private-link-hub/README.md index bdf83ecdca..9a56960925 100644 --- a/modules/synapse/private-link-hub/README.md +++ b/modules/synapse/private-link-hub/README.md 
@@ -5,10 +5,10 @@ This module deploys an Azure Synapse Analytics (Private Link Hub). ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
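Review bot: the added navigation entry `[Usage examples](#Usage-examples)` uses a mixed-case fragment, while the links this same change generates further down the README (`#example-1-using-large-parameter-set`, `#parameter-name`) are all lower case. Heading anchors are normally emitted in lower case, so consider `#usage-examples` here, and the same for the other entries in this list, so that the navigation does not depend on a renderer matching fragments case-insensitively.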
@@ -20,58 +20,28 @@ This module deploys an Azure Synapse Analytics (Private Link Hub). | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | | `Microsoft.Synapse/privateLinkHubs` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/privateLinkHubs) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Private Link Hub. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | The geo-location where the resource lives. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed Synapse Private Link Hub. 
| -| `resourceGroupName` | string | The resource group of the deployed Synapse Private Link Hub. | -| `resourceId` | string | The resource ID of the deployed Synapse Private Link Hub. | +## Usage examples -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/synapse.private-link-hub:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module privateLinkHub './synapse/private-link-hub/main.bicep' = { +module privateLinkHub 'br:bicep/modules/synapse.private-link-hub:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-splhcom' params: { // Required parameters @@ -191,14 +161,17 @@ module privateLinkHub './synapse/private-link-hub/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module privateLinkHub './synapse/private-link-hub/main.bicep' = { +module privateLinkHub 'br:bicep/modules/synapse.private-link-hub:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-splhmin' params: { // Required parameters @@ -235,3 +208,90 @@ module privateLinkHub './synapse/private-link-hub/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Private Link Hub. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | The geo-location where the resource lives. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +The geo-location where the resource lives. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Private Link Hub. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed Synapse Private Link Hub. | +| `resourceGroupName` | string | The resource group of the deployed Synapse Private Link Hub. | +| `resourceId` | string | The resource ID of the deployed Synapse Private Link Hub. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/synapse/private-link-hub/main.json b/modules/synapse/private-link-hub/main.json index 781140dded..0bb44ec6f8 100644 --- a/modules/synapse/private-link-hub/main.json +++ b/modules/synapse/private-link-hub/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18019491569577635414" + "version": "0.22.6.54827", + "templateHash": "691957729768991822" }, "name": "Azure Synapse Analytics", "description": "This module deploys an Azure Synapse Analytics (Private Link Hub).", 
@@ -139,8 +139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6315388244089684837" + "version": "0.22.6.54827", + "templateHash": "2697027648534286095" } }, "parameters": { @@ -299,8 +299,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -499,8 +499,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -637,8 +637,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/synapse/workspace/.test/common/main.test.bicep b/modules/synapse/workspace/.test/common/main.test.bicep index f5f4948778..0791962ad8 100644 --- a/modules/synapse/workspace/.test/common/main.test.bicep +++ b/modules/synapse/workspace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/synapse/workspace/.test/min/main.test.bicep b/modules/synapse/workspace/.test/min/main.test.bicep index 4ac01b80d6..9354fa703e 100644 --- a/modules/synapse/workspace/.test/min/main.test.bicep +++ b/modules/synapse/workspace/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/synapse/workspace/README.md b/modules/synapse/workspace/README.md index 3446019c20..dacfa2772f 100644 --- a/modules/synapse/workspace/README.md +++ b/modules/synapse/workspace/README.md @@ -5,10 +5,10 @@ This module deploys a Synapse Workspace. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
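Review bot: for `modules/synapse/workspace`, only `.test/common/main.test.bicep` and `.test/min/main.test.bicep` receive `metadata name` and `metadata description`; the `encrwsai`, `encrwuai` and `managedvnet` test files are not touched by this change. The `Usage examples` section that this navigation entry links to therefore lists `Encrwsai`, `Encrwuai` and `Managedvnet` as folder-derived titles with no description line under their headings. Suggest adding the two metadata lines to those three test files as well, so that every example in the generated README says what it deploys (the two customer-managed-key variants and the managed virtual network case are the ones a reader most needs explained).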
@@ -24,94 +24,31 @@ This module deploys a Synapse Workspace. | `Microsoft.Synapse/workspaces/integrationRuntimes` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/workspaces/integrationRuntimes) | | `Microsoft.Synapse/workspaces/keys` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/workspaces/keys) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `defaultDataLakeStorageAccountResourceId` | string | Resource ID of the default ADLS Gen2 storage account. | -| `defaultDataLakeStorageFilesystem` | string | The default ADLS Gen2 file system. | -| `name` | string | The name of the Synapse Workspace. | -| `sqlAdministratorLogin` | string | Login for administrator access to the workspace's SQL pools. | +## Usage examples -**Conditional parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/synapse.workspace:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowedAadTenantIdsForLinking` | array | `[]` | | Allowed AAD Tenant IDs For Linking. | -| `azureADOnlyAuthentication` | bool | `False` | | Enable or Disable AzureADOnlyAuthentication on All Workspace sub-resource. 
| -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | | The ID of User Assigned Managed identity that will be used to access your customer-managed key stored in key vault. | -| `cMKUseSystemAssignedIdentity` | bool | `False` | | Use System Assigned Managed identity that will be used to access your customer-managed key stored in key vault. | -| `defaultDataLakeStorageCreateManagedPrivateEndpoint` | bool | `False` | | Create managed private endpoint to the default storage account or not. If Yes is selected, a managed private endpoint connection request is sent to the workspace's primary Data Lake Storage Gen2 account for Spark pools to access data. This must be approved by an owner of the storage account. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, BuiltinSqlReqsEnded, GatewayApiRequests, IntegrationActivityRuns, IntegrationPipelineRuns, IntegrationTriggerRuns, SQLSecurityAuditEvents, SynapseLinkEvent, SynapseRbacOperations]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `encryption` | bool | `False` | | Double encryption using a customer-managed key. | -| `encryptionActivateWorkspace` | bool | `False` | | Activate workspace by adding the system managed identity in the KeyVault containing the customer managed key and activating the workspace. | -| `initialWorkspaceAdminObjectID` | string | `''` | | AAD object ID of initial workspace admin. | -| `integrationRuntimes` | array | `[]` | | The Integration Runtimes to create. | -| `linkedAccessCheckOnTargetResource` | bool | `False` | | Linked Access Check On Target Resource. | -| `location` | string | `[resourceGroup().location]` | | The geo-location where the resource lives. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managedResourceGroupName` | string | `''` | | Workspace managed resource group. The resource group name uniquely identifies the resource group within the user subscriptionId. The resource group name must be no longer than 90 characters long, and must be alphanumeric characters (Char.IsLetterOrDigit()) and '-', '_', '(', ')' and'.'. Note that the name cannot end with '.'. | -| `managedVirtualNetwork` | bool | `False` | | Enable this to ensure that connection from your workspace to your data sources use Azure Private Links. You can create managed private endpoints to your data sources. | -| `preventDataExfiltration` | bool | `False` | | Prevent Data Exfiltration. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | Enable or Disable public network access to workspace. | -| `purviewResourceID` | string | `''` | | Purview Resource ID. 
| -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sqlAdministratorLoginPassword` | string | `''` | | Password for administrator access to the workspace's SQL pools. If you don't provide a password, one will be automatically generated. You can change the password later. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `workspaceRepositoryConfiguration` | object | `{object}` | | Git integration settings. | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encrwsai](#example-2-encrwsai) +- [Encrwuai](#example-3-encrwuai) +- [Managedvnet](#example-4-managedvnet) +- [Using only defaults](#example-5-using-only-defaults) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `connectivityEndpoints` | object | The workspace connectivity endpoints. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed Synapse Workspace. | -| `resourceGroupName` | string | The resource group of the deployed Synapse Workspace. | -| `resourceID` | string | The resource ID of the deployed Synapse Workspace. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. 
| - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module workspace './synapse/workspace/main.bicep' = { +module workspace 'br:bicep/modules/synapse.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-swcom' params: { // Required parameters @@ -281,14 +218,14 @@ module workspace './synapse/workspace/main.bicep' = {

-

Example 2: Encrwsai

+### Example 2: _Encrwsai_
via Bicep module ```bicep -module workspace './synapse/workspace/main.bicep' = { +module workspace 'br:bicep/modules/synapse.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-swensa' params: { // Required parameters @@ -358,14 +295,14 @@ module workspace './synapse/workspace/main.bicep' = {

-

Example 3: Encrwuai

+### Example 3: _Encrwuai_
via Bicep module ```bicep -module workspace './synapse/workspace/main.bicep' = { +module workspace 'br:bicep/modules/synapse.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-swenua' params: { // Required parameters @@ -443,14 +380,14 @@ module workspace './synapse/workspace/main.bicep' = {

-

Example 4: Managedvnet

+### Example 4: _Managedvnet_
via Bicep module ```bicep -module workspace './synapse/workspace/main.bicep' = { +module workspace 'br:bicep/modules/synapse.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-swmanv' params: { // Required parameters @@ -528,14 +465,17 @@ module workspace './synapse/workspace/main.bicep' = {

-

Example 5: Min

+### Example 5: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module workspace './synapse/workspace/main.bicep' = { +module workspace 'br:bicep/modules/synapse.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-swmin' params: { // Required parameters @@ -584,3 +524,328 @@ module workspace './synapse/workspace/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`defaultDataLakeStorageAccountResourceId`](#parameter-defaultdatalakestorageaccountresourceid) | string | Resource ID of the default ADLS Gen2 storage account. | +| [`defaultDataLakeStorageFilesystem`](#parameter-defaultdatalakestoragefilesystem) | string | The default ADLS Gen2 file system. | +| [`name`](#parameter-name) | string | The name of the Synapse Workspace. | +| [`sqlAdministratorLogin`](#parameter-sqladministratorlogin) | string | Login for administrator access to the workspace's SQL pools. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowedAadTenantIdsForLinking`](#parameter-allowedaadtenantidsforlinking) | array | Allowed AAD Tenant IDs For Linking. | +| [`azureADOnlyAuthentication`](#parameter-azureadonlyauthentication) | bool | Enable or Disable AzureADOnlyAuthentication on All Workspace sub-resource. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | The ID of User Assigned Managed identity that will be used to access your customer-managed key stored in key vault. | +| [`cMKUseSystemAssignedIdentity`](#parameter-cmkusesystemassignedidentity) | bool | Use System Assigned Managed identity that will be used to access your customer-managed key stored in key vault. 
| +| [`defaultDataLakeStorageCreateManagedPrivateEndpoint`](#parameter-defaultdatalakestoragecreatemanagedprivateendpoint) | bool | Create managed private endpoint to the default storage account or not. If Yes is selected, a managed private endpoint connection request is sent to the workspace's primary Data Lake Storage Gen2 account for Spark pools to access data. This must be approved by an owner of the storage account. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`encryption`](#parameter-encryption) | bool | Double encryption using a customer-managed key. 
| +| [`encryptionActivateWorkspace`](#parameter-encryptionactivateworkspace) | bool | Activate workspace by adding the system managed identity in the KeyVault containing the customer managed key and activating the workspace. | +| [`initialWorkspaceAdminObjectID`](#parameter-initialworkspaceadminobjectid) | string | AAD object ID of initial workspace admin. | +| [`integrationRuntimes`](#parameter-integrationruntimes) | array | The Integration Runtimes to create. | +| [`linkedAccessCheckOnTargetResource`](#parameter-linkedaccesscheckontargetresource) | bool | Linked Access Check On Target Resource. | +| [`location`](#parameter-location) | string | The geo-location where the resource lives. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managedResourceGroupName`](#parameter-managedresourcegroupname) | string | Workspace managed resource group. The resource group name uniquely identifies the resource group within the user subscriptionId. The resource group name must be no longer than 90 characters long, and must be alphanumeric characters (Char.IsLetterOrDigit()) and '-', '_', '(', ')' and'.'. Note that the name cannot end with '.'. | +| [`managedVirtualNetwork`](#parameter-managedvirtualnetwork) | bool | Enable this to ensure that connection from your workspace to your data sources use Azure Private Links. You can create managed private endpoints to your data sources. | +| [`preventDataExfiltration`](#parameter-preventdataexfiltration) | bool | Prevent Data Exfiltration. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Enable or Disable public network access to workspace. | +| [`purviewResourceID`](#parameter-purviewresourceid) | string | Purview Resource ID. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sqlAdministratorLoginPassword`](#parameter-sqladministratorloginpassword) | string | Password for administrator access to the workspace's SQL pools. If you don't provide a password, one will be automatically generated. You can change the password later. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`workspaceRepositoryConfiguration`](#parameter-workspacerepositoryconfiguration) | object | Git integration settings. | + +### Parameter: `allowedAadTenantIdsForLinking` + +Allowed AAD Tenant IDs For Linking. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `azureADOnlyAuthentication` + +Enable or Disable AzureADOnlyAuthentication on All Workspace sub-resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +The ID of User Assigned Managed identity that will be used to access your customer-managed key stored in key vault. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUseSystemAssignedIdentity` + +Use System Assigned Managed identity that will be used to access your customer-managed key stored in key vault. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `defaultDataLakeStorageAccountResourceId` + +Resource ID of the default ADLS Gen2 storage account. +- Required: Yes +- Type: string + +### Parameter: `defaultDataLakeStorageCreateManagedPrivateEndpoint` + +Create managed private endpoint to the default storage account or not. If Yes is selected, a managed private endpoint connection request is sent to the workspace's primary Data Lake Storage Gen2 account for Spark pools to access data. This must be approved by an owner of the storage account. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `defaultDataLakeStorageFilesystem` + +The default ADLS Gen2 file system. +- Required: Yes +- Type: string + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, BuiltinSqlReqsEnded, GatewayApiRequests, IntegrationActivityRuns, IntegrationPipelineRuns, IntegrationTriggerRuns, SQLSecurityAuditEvents, SynapseLinkEvent, SynapseRbacOperations]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. 
If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `encryption` + +Double encryption using a customer-managed key. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `encryptionActivateWorkspace` + +Activate workspace by adding the system managed identity in the KeyVault containing the customer managed key and activating the workspace. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `initialWorkspaceAdminObjectID` + +AAD object ID of initial workspace admin. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `integrationRuntimes` + +The Integration Runtimes to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `linkedAccessCheckOnTargetResource` + +Linked Access Check On Target Resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +The geo-location where the resource lives. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managedResourceGroupName` + +Workspace managed resource group. The resource group name uniquely identifies the resource group within the user subscriptionId. The resource group name must be no longer than 90 characters long, and must be alphanumeric characters (Char.IsLetterOrDigit()) and '-', '_', '(', ')' and'.'. 
Note that the name cannot end with '.'. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `managedVirtualNetwork` + +Enable this to ensure that connection from your workspace to your data sources use Azure Private Links. You can create managed private endpoints to your data sources. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `name` + +The name of the Synapse Workspace. +- Required: Yes +- Type: string + +### Parameter: `preventDataExfiltration` + +Prevent Data Exfiltration. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Enable or Disable public network access to workspace. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `purviewResourceID` + +Purview Resource ID. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sqlAdministratorLogin` + +Login for administrator access to the workspace's SQL pools. +- Required: Yes +- Type: string + +### Parameter: `sqlAdministratorLoginPassword` + +Password for administrator access to the workspace's SQL pools. If you don't provide a password, one will be automatically generated. You can change the password later. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workspaceRepositoryConfiguration` + +Git integration settings. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `connectivityEndpoints` | object | The workspace connectivity endpoints. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed Synapse Workspace. | +| `resourceGroupName` | string | The resource group of the deployed Synapse Workspace. | +| `resourceID` | string | The resource ID of the deployed Synapse Workspace. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/synapse/workspace/integration-runtime/README.md b/modules/synapse/workspace/integration-runtime/README.md index 8f755fea09..584577e12b 100644 --- a/modules/synapse/workspace/integration-runtime/README.md +++ b/modules/synapse/workspace/integration-runtime/README.md 
@@ -19,28 +19,61 @@ This module deploys a Synapse Workspace Integration Runtime. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | The name of the Integration Runtime. | -| `type` | string | `[Managed, SelfHosted]` | The type of Integration Runtime. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Integration Runtime. | +| [`type`](#parameter-type) | string | The type of Integration Runtime. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `typeProperties` | object | Integration Runtime type properties. Required if type is "Managed". | -| `workspaceName` | string | The name of the parent Synapse Workspace. Required if the template is used in a standalone deployment. | +| [`typeProperties`](#parameter-typeproperties) | object | Integration Runtime type properties. Required if type is "Managed". | +| [`workspaceName`](#parameter-workspacename) | string | The name of the parent Synapse Workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the Integration Runtime. +- Required: Yes +- Type: string + +### Parameter: `type` + +The type of Integration Runtime. 
+- Required: Yes +- Type: string +- Allowed: `[Managed, SelfHosted]` + +### Parameter: `typeProperties` + +Integration Runtime type properties. Required if type is "Managed". +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workspaceName` + +The name of the parent Synapse Workspace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Integration Runtime. | | `resourceGroupName` | string | The name of the Resource Group the Integration Runtime was created in. | diff --git a/modules/synapse/workspace/integration-runtime/main.json b/modules/synapse/workspace/integration-runtime/main.json index 758aa10c62..c5f4521231 100644 --- a/modules/synapse/workspace/integration-runtime/main.json +++ b/modules/synapse/workspace/integration-runtime/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3836470848906868544" + "version": "0.22.6.54827", + "templateHash": "3121962670071772951" }, "name": "Synapse Workspace Integration Runtimes", "description": "This module deploys a Synapse Workspace Integration Runtime.", diff --git a/modules/synapse/workspace/key/README.md b/modules/synapse/workspace/key/README.md index f540c885ba..59e663a007 100644 --- a/modules/synapse/workspace/key/README.md +++ b/modules/synapse/workspace/key/README.md 
@@ -19,29 +19,68 @@ This module deploys a Synapse Workspaces Key. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `isActiveCMK` | bool | Used to activate the workspace after a customer managed key is provided. | -| `name` | string | Encryption key name. | +| [`isActiveCMK`](#parameter-isactivecmk) | bool | Used to activate the workspace after a customer managed key is provided. | +| [`name`](#parameter-name) | string | Encryption key name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `workspaceName` | string | The name of the parent Synapse Workspace. Required if the template is used in a standalone deployment. | +| [`workspaceName`](#parameter-workspacename) | string | The name of the parent Synapse Workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `keyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. | -| `location` | string | `[resourceGroup().location]` | The geo-location where the resource lives. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`keyVaultResourceId`](#parameter-keyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | +| [`location`](#parameter-location) | string | The geo-location where the resource lives. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `isActiveCMK` + +Used to activate the workspace after a customer managed key is provided. +- Required: Yes +- Type: bool + +### Parameter: `keyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +The geo-location where the resource lives. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Encryption key name. +- Required: Yes +- Type: string + +### Parameter: `workspaceName` + +The name of the parent Synapse Workspace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed key. | | `resourceGroupName` | string | The resource group of the deployed key. | diff --git a/modules/synapse/workspace/key/main.json b/modules/synapse/workspace/key/main.json index 95d5cd7e00..7000d1e035 100644 --- a/modules/synapse/workspace/key/main.json +++ b/modules/synapse/workspace/key/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11818706446850681387" + "version": "0.22.6.54827", + "templateHash": "14713531383006172248" }, "name": "Synapse Workspaces Keys", "description": "This module deploys a Synapse Workspaces Key.", diff --git a/modules/synapse/workspace/main.json b/modules/synapse/workspace/main.json index bc6309b583..0642e4d17a 100644 --- a/modules/synapse/workspace/main.json +++ b/modules/synapse/workspace/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16715469261263670474" + "version": "0.22.6.54827", + "templateHash": "14937890692678451468" }, "name": "Synapse Workspaces", "description": "This module deploys a Synapse Workspace.", @@ -413,8 +413,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8201597103818743595" + "version": "0.22.6.54827", + "templateHash": "3121962670071772951" }, "name": "Synapse Workspace Integration Runtimes", "description": "This module deploys a Synapse Workspace Integration Runtime.", @@ -532,8 +532,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17608936971543596719" + "version": "0.22.6.54827", + "templateHash": "7188161900918132964" } }, "parameters": { @@ -619,8 +619,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2656188060474374649" + "version": "0.22.6.54827", + "templateHash": "14713531383006172248" }, "name": "Synapse Workspaces Keys", "description": "This module deploys a Synapse Workspaces Key.", @@ -752,8 +752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5709952380943553719" + "version": "0.22.6.54827", + "templateHash": "14152899593799062400" } }, "parameters": { @@ -852,8 +852,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", 
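Review bot: The module reference in the usage example of modules/synapse/workspace/README.md, `br:bicep/modules/synapse.workspace:1.0.0`, is parsed by Bicep as a registry host named `bicep`, so the snippet only restores where a registry is reachable under that name. Either say next to the example that `bicep` stands in for the consumer's registry login server, or emit an explicit placeholder such as `br:<registry>.azurecr.io/bicep/modules/synapse.workspace:1.0.0`. The tag is also fixed at `1.0.0` here and in the `virtual-machine-images.image-template` example, so it is worth checking that the generator derives it from the published version rather than hard-coding it.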
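Review bot: The generated `### Parameter: sqlAdministratorLoginPassword` block in modules/synapse/workspace/README.md documents the password as `Type: string` with `Default: ''`, which needs checking against main.bicep before these docs are merged. If the parameter is declared with `@secure()`, the readme should show `securestring`; if it is not, it should be, so the value is not kept in the deployment history.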
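Review bot: The `Required` value is inconsistent for conditional parameters in modules/synapse/workspace/integration-runtime/README.md: `workspaceName` sits under **Conditional parameters** ("Required if the template is used in a standalone deployment") but its detail block says `- Required: Yes`, while `typeProperties`, also conditional, says `- Required: No`. The generator should emit one consistent value for conditional parameters (or a distinct `Conditional` marker) and repeat the condition in the detail block. The same `workspaceName` mismatch appears in modules/synapse/workspace/key/README.md.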
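Review bot: The Bicep CLI version used to compile these templates should be pinned and documented; the `_generator` blocks in modules/synapse/workspace/main.json move from `0.21.1.54444` to `0.22.6.54827`, while integration-runtime/main.json and key/main.json were previously at `0.20.4.51522`. The effect is visible in the old hashes: the nested Integration Runtime template carried `8201597103818743595` while the standalone file carried `3836470848906868544`, and only now do both read `3121962670071772951`. Without a pinned compiler, `templateHash` churn like this hides real source changes in review.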
@@ -1052,8 +1052,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1190,8 +1190,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/virtual-machine-images/image-template/.test/common/main.test.bicep b/modules/virtual-machine-images/image-template/.test/common/main.test.bicep index d3e92ca621..87d86aad95 100644 --- a/modules/virtual-machine-images/image-template/.test/common/main.test.bicep +++ b/modules/virtual-machine-images/image-template/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/virtual-machine-images/image-template/.test/min/main.test.bicep b/modules/virtual-machine-images/image-template/.test/min/main.test.bicep index 04594dbef8..491e1f25c6 100644 --- a/modules/virtual-machine-images/image-template/.test/min/main.test.bicep +++ b/modules/virtual-machine-images/image-template/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/virtual-machine-images/image-template/README.md b/modules/virtual-machine-images/image-template/README.md index 727825a17e..a06d6c5360 100644 --- a/modules/virtual-machine-images/image-template/README.md 
+++ b/modules/virtual-machine-images/image-template/README.md @@ -4,14 +4,14 @@ This module deploys a Virtual Machine Image Template that can be consumed by Azu ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
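Review bot: Heading and anchor casing is inconsistent in the navigation of modules/virtual-machine-images/image-template/README.md: the heading becomes `## Resource Types` (title case) while the neighbouring entries stay in sentence case (`Usage examples`, `Cross-referenced modules`), and the list links to `#Resource-Types` while the new parameter tables link to all-lowercase fragments such as `#parameter-name`. Pick one heading style and have the generator emit lowercase fragments throughout, since not every markdown renderer matches anchors case-insensitively.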
@@ -19,78 +19,28 @@ This module deploys a Virtual Machine Image Template that can be consumed by Azu | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.VirtualMachineImages/imageTemplates` | [2022-02-14](https://learn.microsoft.com/en-us/azure/templates/Microsoft.VirtualMachineImages/2022-02-14/imageTemplates) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `customizationSteps` | array | Customization steps to be run when building the VM image. | -| `imageSource` | object | Image source definition in object format. | -| `name` | string | Name prefix of the Image Template to be built by the Azure Image Builder service. | -| `userMsiName` | string | Name of the User Assigned Identity to be used to deploy Image Templates in Azure Image Builder. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `buildTimeoutInMinutes` | int | `0` | | Image build timeout in minutes. Allowed values: 0-960. 0 means the default 240 minutes. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `excludeFromLatest` | bool | `False` | | Exclude the created Azure Compute Gallery image version from the latest. | -| `imageReplicationRegions` | array | `[]` | | List of the regions the image produced by this solution should be stored in the Shared Image Gallery. When left empty, the deployment's location will be taken as a default value. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managedImageName` | string | `''` | | Name of the managed image that will be created in the AIB resourcegroup. 
| -| `osDiskSizeGB` | int | `128` | | Specifies the size of OS disk. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sigImageDefinitionId` | string | `''` | | Resource ID of Shared Image Gallery to distribute image to, e.g.: /subscriptions//resourceGroups//providers/Microsoft.Compute/galleries//images/. | -| `sigImageVersion` | string | `''` | | Version of the Shared Image Gallery Image. Supports the following Version Syntax: Major.Minor.Build (i.e., '1.1.1' or '10.1.2'). | -| `stagingResourceGroup` | string | `''` | | Resource ID of the staging resource group in the same subscription and location as the image template that will be used to build the image.

If this field is empty, a resource group with a random name will be created.

If the resource group specified in this field doesn't exist, it will be created with the same name.

If the resource group specified exists, it must be empty and in the same region as the image template.

The resource group created will be deleted during template deletion if this field is empty or the resource group specified doesn't exist,

but if the resource group specified exists the resources created in the resource group will be deleted during template deletion and the resource group itself will remain. | -| `storageAccountType` | string | `'Standard_LRS'` | `[Standard_LRS, Standard_ZRS]` | Storage account type to be used to store the image in the Azure Compute Gallery. | -| `subnetId` | string | `''` | | Resource ID of an already existing subnet, e.g.: /subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/.

If no value is provided, a new temporary VNET and subnet will be created in the staging resource group and will be deleted along with the remaining temporary resources. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `unManagedImageName` | string | `''` | | Name of the unmanaged image that will be created in the AIB resourcegroup. | -| `userAssignedIdentities` | array | `[]` | | List of User-Assigned Identities associated to the Build VM for accessing Azure resources such as Key Vaults from your customizer scripts.

Be aware, the user assigned identity specified in the 'userMsiName' parameter must have the 'Managed Identity Operator' role assignment on all the user assigned identities specified in this parameter for Azure Image Builder to be able to associate them to the build VM. | -| `userMsiResourceGroup` | string | `[resourceGroup().name]` | | Resource group of the user assigned identity. | -| `vmSize` | string | `'Standard_D2s_v3'` | | Specifies the size for the VM. | - -**Generated parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('yyyy-MM-dd-HH-mm-ss')]` | Do not provide a value! This date value is used to generate a unique image template name. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The full name of the deployed image template. | -| `namePrefix` | string | The prefix of the image template name provided as input. | -| `resourceGroupName` | string | The resource group the image template was deployed into. | -| `resourceId` | string | The resource ID of the image template. | -| `runThisCommand` | string | The command to run in order to trigger the image build. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/virtual-machine-images.image-template:1.0.0`. 
-## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module imageTemplate './virtual-machine-images/image-template/main.bicep' = { +module imageTemplate 'br:bicep/modules/virtual-machine-images.image-template:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-vmiitcom' params: { // Required parameters @@ -250,14 +200,17 @@ module imageTemplate './virtual-machine-images/image-template/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module imageTemplate './virtual-machine-images/image-template/main.bicep' = { +module imageTemplate 'br:bicep/modules/virtual-machine-images.image-template:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-vmiitmin' params: { // Required parameters @@ -338,6 +291,229 @@ module imageTemplate './virtual-machine-images/image-template/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`customizationSteps`](#parameter-customizationsteps) | array | Customization steps to be run when building the VM image. | +| [`imageSource`](#parameter-imagesource) | object | Image source definition in object format. | +| [`name`](#parameter-name) | string | Name prefix of the Image Template to be built by the Azure Image Builder service. | +| [`userMsiName`](#parameter-usermsiname) | string | Name of the User Assigned Identity to be used to deploy Image Templates in Azure Image Builder. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`buildTimeoutInMinutes`](#parameter-buildtimeoutinminutes) | int | Image build timeout in minutes. Allowed values: 0-960. 0 means the default 240 minutes. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`excludeFromLatest`](#parameter-excludefromlatest) | bool | Exclude the created Azure Compute Gallery image version from the latest. | +| [`imageReplicationRegions`](#parameter-imagereplicationregions) | array | List of the regions the image produced by this solution should be stored in the Shared Image Gallery. When left empty, the deployment's location will be taken as a default value. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managedImageName`](#parameter-managedimagename) | string | Name of the managed image that will be created in the AIB resourcegroup. | +| [`osDiskSizeGB`](#parameter-osdisksizegb) | int | Specifies the size of OS disk. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sigImageDefinitionId`](#parameter-sigimagedefinitionid) | string | Resource ID of Shared Image Gallery to distribute image to, e.g.: /subscriptions//resourceGroups//providers/Microsoft.Compute/galleries//images/. | +| [`sigImageVersion`](#parameter-sigimageversion) | string | Version of the Shared Image Gallery Image. Supports the following Version Syntax: Major.Minor.Build (i.e., '1.1.1' or '10.1.2'). | +| [`stagingResourceGroup`](#parameter-stagingresourcegroup) | string | Resource ID of the staging resource group in the same subscription and location as the image template that will be used to build the image.

If this field is empty, a resource group with a random name will be created.

If the resource group specified in this field doesn't exist, it will be created with the same name.

If the resource group specified exists, it must be empty and in the same region as the image template.

The resource group created will be deleted during template deletion if this field is empty or the resource group specified doesn't exist,

but if the resource group specified exists the resources created in the resource group will be deleted during template deletion and the resource group itself will remain. | +| [`storageAccountType`](#parameter-storageaccounttype) | string | Storage account type to be used to store the image in the Azure Compute Gallery. | +| [`subnetId`](#parameter-subnetid) | string | Resource ID of an already existing subnet, e.g.: /subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/.

If no value is provided, a new temporary VNET and subnet will be created in the staging resource group and will be deleted along with the remaining temporary resources. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`unManagedImageName`](#parameter-unmanagedimagename) | string | Name of the unmanaged image that will be created in the AIB resourcegroup. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | array | List of User-Assigned Identities associated to the Build VM for accessing Azure resources such as Key Vaults from your customizer scripts.

Be aware, the user assigned identity specified in the 'userMsiName' parameter must have the 'Managed Identity Operator' role assignment on all the user assigned identities specified in this parameter for Azure Image Builder to be able to associate them to the build VM. | +| [`userMsiResourceGroup`](#parameter-usermsiresourcegroup) | string | Resource group of the user assigned identity. | +| [`vmSize`](#parameter-vmsize) | string | Specifies the size for the VM. | + +**Generated parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a unique image template name. | + +### Parameter: `baseTime` + +Do not provide a value! This date value is used to generate a unique image template name. +- Required: No +- Type: string +- Default: `[utcNow('yyyy-MM-dd-HH-mm-ss')]` + +### Parameter: `buildTimeoutInMinutes` + +Image build timeout in minutes. Allowed values: 0-960. 0 means the default 240 minutes. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `customizationSteps` + +Customization steps to be run when building the VM image. +- Required: Yes +- Type: array + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `excludeFromLatest` + +Exclude the created Azure Compute Gallery image version from the latest. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `imageReplicationRegions` + +List of the regions the image produced by this solution should be stored in the Shared Image Gallery. When left empty, the deployment's location will be taken as a default value. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `imageSource` + +Image source definition in object format. +- Required: Yes +- Type: object + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managedImageName` + +Name of the managed image that will be created in the AIB resourcegroup. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +Name prefix of the Image Template to be built by the Azure Image Builder service. +- Required: Yes +- Type: string + +### Parameter: `osDiskSizeGB` + +Specifies the size of OS disk. +- Required: No +- Type: int +- Default: `128` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sigImageDefinitionId` + +Resource ID of Shared Image Gallery to distribute image to, e.g.: /subscriptions//resourceGroups//providers/Microsoft.Compute/galleries//images/. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sigImageVersion` + +Version of the Shared Image Gallery Image. Supports the following Version Syntax: Major.Minor.Build (i.e., '1.1.1' or '10.1.2'). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `stagingResourceGroup` + +Resource ID of the staging resource group in the same subscription and location as the image template that will be used to build the image.

If this field is empty, a resource group with a random name will be created.

If the resource group specified in this field doesn't exist, it will be created with the same name.

If the resource group specified exists, it must be empty and in the same region as the image template.

The resource group created will be deleted during template deletion if this field is empty or the resource group specified doesn't exist,

but if the resource group specified exists the resources created in the resource group will be deleted during template deletion and the resource group itself will remain. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageAccountType` + +Storage account type to be used to store the image in the Azure Compute Gallery. +- Required: No +- Type: string +- Default: `'Standard_LRS'` +- Allowed: `[Standard_LRS, Standard_ZRS]` + +### Parameter: `subnetId` + +Resource ID of an already existing subnet, e.g.: /subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/.

If no value is provided, a new temporary VNET and subnet will be created in the staging resource group and will be deleted along with the remaining temporary resources. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `unManagedImageName` + +Name of the unmanaged image that will be created in the AIB resourcegroup. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `userAssignedIdentities` + +List of User-Assigned Identities associated to the Build VM for accessing Azure resources such as Key Vaults from your customizer scripts.

Be aware, the user assigned identity specified in the 'userMsiName' parameter must have the 'Managed Identity Operator' role assignment on all the user assigned identities specified in this parameter for Azure Image Builder to be able to associate them to the build VM. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `userMsiName` + +Name of the User Assigned Identity to be used to deploy Image Templates in Azure Image Builder. +- Required: Yes +- Type: string + +### Parameter: `userMsiResourceGroup` + +Resource group of the user assigned identity. +- Required: No +- Type: string +- Default: `[resourceGroup().name]` + +### Parameter: `vmSize` + +Specifies the size for the VM. +- Required: No +- Type: string +- Default: `'Standard_D2s_v3'` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The full name of the deployed image template. | +| `namePrefix` | string | The prefix of the image template name provided as input. | +| `resourceGroupName` | string | The resource group the image template was deployed into. | +| `resourceId` | string | The resource ID of the image template. | +| `runThisCommand` | string | The command to run in order to trigger the image build. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `imageSource` diff --git a/modules/virtual-machine-images/image-template/main.json b/modules/virtual-machine-images/image-template/main.json index e2212ceb0b..0905d7ecbb 100644 --- a/modules/virtual-machine-images/image-template/main.json +++ b/modules/virtual-machine-images/image-template/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13466746733111552709" + "version": "0.22.6.54827", + "templateHash": "2649219392883054229" }, "name": "Virtual Machine Image Templates", "description": "This module deploys a Virtual Machine Image Template that can be consumed by Azure Image Builder (AIB).", @@ -337,8 +337,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "675387888330318413" + "version": "0.22.6.54827", + "templateHash": "14467994353590988540" } }, "parameters": { diff --git a/modules/web/connection/.test/common/main.test.bicep b/modules/web/connection/.test/common/main.test.bicep index d9be8f90e4..0491801800 100644 --- a/modules/web/connection/.test/common/main.test.bicep +++ b/modules/web/connection/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/web/connection/README.md b/modules/web/connection/README.md index 4353443b6b..930a3eee78 100644 --- a/modules/web/connection/README.md +++ b/modules/web/connection/README.md @@ -4,13 +4,13 @@ This module deploys an Azure API Connection. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
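Review bot: The navigation entries added in `modules/web/connection/README.md` use mixed-case fragments (`#Resource-Types`, `#Usage-examples`), while the other links generated in this same patch are all lowercase (`#example-1-using-large-parameter-set`, `#parameter-displayname`). Heading ids are generated in lowercase, so a renderer that matches fragments case-sensitively will not resolve the navigation links. Suggest emitting the navigation fragments in lowercase as well (`#resource-types`, `#usage-examples`, `#parameters`, `#outputs`, `#cross-referenced-modules`) so that one convention holds across the generated readme.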
@@ -18,60 +18,27 @@ This module deploys an Azure API Connection. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Web/connections` | [2016-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2016-06-01/connections) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `displayName` | string | Display name connection. Example: 'blobconnection' when using blobs. It can change depending on the resource. | -| `name` | string | Connection name for connection. Example: 'azureblob' when using blobs. It can change depending on the resource. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `api` | object | `{object}` | | Specific values for some API connections. | -| `customParameterValues` | object | `{object}` | | Customized parameter values for specific connections. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location of the deployment. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `nonSecretParameterValues` | object | `{object}` | | Dictionary of nonsecret parameter values. | -| `parameterValues` | secureObject | `{object}` | | Connection strings or access keys for connection. Example: 'accountName' and 'accessKey' when using blobs. It can change depending on the resource. 
| -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `statuses` | array | `[]` | | Status of the connection. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `testLinks` | array | `[]` | | Links to test the API connection. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the connection. | -| `resourceGroupName` | string | The resource group the connection was deployed into. | -| `resourceId` | string | The resource ID of the connection. | - -## Cross-referenced modules +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.connection:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module connection './web/connection/main.bicep' = { +module connection 'br:bicep/modules/web.connection:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-wccom' params: { // Required parameters @@ -156,3 +123,133 @@ module connection './web/connection/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`displayName`](#parameter-displayname) | string | Display name connection. Example: 'blobconnection' when using blobs. It can change depending on the resource. | +| [`name`](#parameter-name) | string | Connection name for connection. Example: 'azureblob' when using blobs. It can change depending on the resource. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`api`](#parameter-api) | object | Specific values for some API connections. | +| [`customParameterValues`](#parameter-customparametervalues) | object | Customized parameter values for specific connections. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location of the deployment. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`nonSecretParameterValues`](#parameter-nonsecretparametervalues) | object | Dictionary of nonsecret parameter values. | +| [`parameterValues`](#parameter-parametervalues) | secureObject | Connection strings or access keys for connection. Example: 'accountName' and 'accessKey' when using blobs. It can change depending on the resource. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`statuses`](#parameter-statuses) | array | Status of the connection. | +| [`tags`](#parameter-tags) | object | Tags of the resource. 
| +| [`testLinks`](#parameter-testlinks) | array | Links to test the API connection. | + +### Parameter: `api` + +Specific values for some API connections. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `customParameterValues` + +Customized parameter values for specific connections. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `displayName` + +Display name connection. Example: 'blobconnection' when using blobs. It can change depending on the resource. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location of the deployment. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Connection name for connection. Example: 'azureblob' when using blobs. It can change depending on the resource. +- Required: Yes +- Type: string + +### Parameter: `nonSecretParameterValues` + +Dictionary of nonsecret parameter values. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `parameterValues` + +Connection strings or access keys for connection. Example: 'accountName' and 'accessKey' when using blobs. It can change depending on the resource. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `statuses` + +Status of the connection. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `testLinks` + +Links to test the API connection. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the connection. | +| `resourceGroupName` | string | The resource group the connection was deployed into. | +| `resourceId` | string | The resource ID of the connection. | + +## Cross-referenced modules + +_None_ diff --git a/modules/web/connection/main.json b/modules/web/connection/main.json index fcc7401247..46f8e7e722 100644 --- a/modules/web/connection/main.json +++ b/modules/web/connection/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8124229126186371962" + "version": "0.22.6.54827", + "templateHash": "1868688579888274089" }, "name": "API Connections", "description": "This module deploys an Azure API Connection.", @@ -186,8 +186,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16133609981398716025" + "version": "0.22.6.54827", + "templateHash": "4656118963929706650" } }, "parameters": { diff --git a/modules/web/hosting-environment/README.md b/modules/web/hosting-environment/README.md index dd8fac9921..277ad756dd 100644 --- a/modules/web/hosting-environment/README.md +++ b/modules/web/hosting-environment/README.md 
@@ -4,13 +4,13 @@ This module deploys an App Service Environment. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
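Review bot: The heading rename in `modules/web/hosting-environment/README.md` from `## Resource types` to `## Resource Types` switches that one heading to title case, while the newly added `Usage examples` entry and the untouched `Cross-referenced modules` entry stay in sentence case. Since these headings come from the generator, the casing should be decided once there: either keep `Resource types`, or title-case the other section names too, and keep the navigation list in step with whichever is chosen.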
@@ -20,85 +20,25 @@ This module deploys an App Service Environment. | `Microsoft.Web/hostingEnvironments` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/hostingEnvironments) | | `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the App Service Environment. | -| `subnetResourceId` | string | ResourceId for the subnet. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `customDnsSuffixCertificateUrl` | string | `''` | The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. | -| `customDnsSuffixKeyVaultReferenceIdentity` | string | `''` | The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowNewPrivateEndpointConnections` | bool | `False` | | Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2. | -| `clusterSettings` | array | `[System.Management.Automation.OrderedHashtable]` | | Custom settings for changing the behavior of the App Service Environment. | -| `customDnsSuffix` | string | `''` | | Enable the default custom domain suffix to use for all sites deployed on the ASE. 
If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2. | -| `dedicatedHostCount` | int | `0` | | The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, AppServiceEnvironmentPlatformLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `dnsSuffix` | string | `''` | | DNS suffix of the App Service Environment. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `frontEndScaleFactor` | int | `15` | | Scale factor for frontends. | -| `ftpEnabled` | bool | `False` | | Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2. | -| `inboundIpAddressOverride` | string | `''` | | Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2. 
| -| `internalLoadBalancingMode` | string | `'None'` | `[None, Publishing, Web, Web, Publishing]` | Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. "None" Exposes the ASE-hosted apps on an internet-accessible IP address. | -| `ipsslAddressCount` | int | `0` | | Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3. | -| `kind` | string | `'ASEv3'` | `[ASEv2, ASEv3]` | Kind of resource. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `multiSize` | string | `''` | `['', ExtraLarge, Large, Medium, Standard_D1_V2, Standard_D2, Standard_D2_V2, Standard_D3, Standard_D3_V2, Standard_D4, Standard_D4_V2]` | Frontend VM size. Cannot be used when kind is set to ASEv3. | -| `remoteDebugEnabled` | bool | `False` | | Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Resource tags. | -| `upgradePreference` | string | `'None'` | `[Early, Late, Manual, None]` | Specify preference for when and how the planned maintenance is applied. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. 
| -| `userWhitelistedIpRanges` | array | `[]` | | User added IP ranges to whitelist on ASE DB. Cannot be used with 'kind' `ASEv3`. | -| `zoneRedundant` | bool | `False` | | Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the App Service Environment. | -| `resourceGroupName` | string | The resource group the App Service Environment was deployed into. | -| `resourceId` | string | The resource ID of the App Service Environment. | - -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -_None_ - -## Deployment examples +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.hosting-environment:1.0.0`. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +- [Asev2](#example-1-asev2) +- [Asev3](#example-2-asev3) -

Example 1: Asev2

+### Example 1: _Asev2_
via Bicep module ```bicep -module hostingEnvironment './web/hosting-environment/main.bicep' = { +module hostingEnvironment 'br:bicep/modules/web.hosting-environment:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-whasev2' params: { // Required parameters @@ -234,14 +174,14 @@ module hostingEnvironment './web/hosting-environment/main.bicep' = {

-

Example 2: Asev3

+### Example 2: _Asev3_
via Bicep module ```bicep -module hostingEnvironment './web/hosting-environment/main.bicep' = { +module hostingEnvironment 'br:bicep/modules/web.hosting-environment:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-whasev3' params: { // Required parameters @@ -400,3 +340,303 @@ module hostingEnvironment './web/hosting-environment/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the App Service Environment. | +| [`subnetResourceId`](#parameter-subnetresourceid) | string | ResourceId for the subnet. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`customDnsSuffixCertificateUrl`](#parameter-customdnssuffixcertificateurl) | string | The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. | +| [`customDnsSuffixKeyVaultReferenceIdentity`](#parameter-customdnssuffixkeyvaultreferenceidentity) | string | The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowNewPrivateEndpointConnections`](#parameter-allownewprivateendpointconnections) | bool | Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2. | +| [`clusterSettings`](#parameter-clustersettings) | array | Custom settings for changing the behavior of the App Service Environment. | +| [`customDnsSuffix`](#parameter-customdnssuffix) | string | Enable the default custom domain suffix to use for all sites deployed on the ASE. If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2. | +| [`dedicatedHostCount`](#parameter-dedicatedhostcount) | int | The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. 
Cannot be used when kind is set to ASEv2. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`dnsSuffix`](#parameter-dnssuffix) | string | DNS suffix of the App Service Environment. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`frontEndScaleFactor`](#parameter-frontendscalefactor) | int | Scale factor for frontends. | +| [`ftpEnabled`](#parameter-ftpenabled) | bool | Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2. | +| [`inboundIpAddressOverride`](#parameter-inboundipaddressoverride) | string | Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2. 
| +| [`internalLoadBalancingMode`](#parameter-internalloadbalancingmode) | string | Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. "None" Exposes the ASE-hosted apps on an internet-accessible IP address. | +| [`ipsslAddressCount`](#parameter-ipssladdresscount) | int | Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3. | +| [`kind`](#parameter-kind) | string | Kind of resource. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`multiSize`](#parameter-multisize) | string | Frontend VM size. Cannot be used when kind is set to ASEv3. | +| [`remoteDebugEnabled`](#parameter-remotedebugenabled) | bool | Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Resource tags. | +| [`upgradePreference`](#parameter-upgradepreference) | string | Specify preference for when and how the planned maintenance is applied. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`userWhitelistedIpRanges`](#parameter-userwhitelistedipranges) | array | User added IP ranges to whitelist on ASE DB. 
Cannot be used with 'kind' `ASEv3`. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`. | + +### Parameter: `allowNewPrivateEndpointConnections` + +Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `clusterSettings` + +Custom settings for changing the behavior of the App Service Environment. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `customDnsSuffix` + +Enable the default custom domain suffix to use for all sites deployed on the ASE. If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `customDnsSuffixCertificateUrl` + +The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `customDnsSuffixKeyVaultReferenceIdentity` + +The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dedicatedHostCount` + +The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2. 
+- Required: No +- Type: int +- Default: `0` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, AppServiceEnvironmentPlatformLogs]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dnsSuffix` + +DNS suffix of the App Service Environment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `frontEndScaleFactor` + +Scale factor for frontends. +- Required: No +- Type: int +- Default: `15` + +### Parameter: `ftpEnabled` + +Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `inboundIpAddressOverride` + +Customer provided Inbound IP Address. 
Only able to be set on Ase create. Ignored when kind is set to ASEv2. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `internalLoadBalancingMode` + +Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. "None" Exposes the ASE-hosted apps on an internet-accessible IP address. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[None, Publishing, Web, Web, Publishing]` + +### Parameter: `ipsslAddressCount` + +Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `kind` + +Kind of resource. +- Required: No +- Type: string +- Default: `'ASEv3'` +- Allowed: `[ASEv2, ASEv3]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `multiSize` + +Frontend VM size. Cannot be used when kind is set to ASEv3. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', ExtraLarge, Large, Medium, Standard_D1_V2, Standard_D2, Standard_D2_V2, Standard_D3, Standard_D3_V2, Standard_D4, Standard_D4_V2]` + +### Parameter: `name` + +Name of the App Service Environment. +- Required: Yes +- Type: string + +### Parameter: `remoteDebugEnabled` + +Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subnetResourceId` + +ResourceId for the subnet. +- Required: Yes +- Type: string + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `upgradePreference` + +Specify preference for when and how the planned maintenance is applied. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[Early, Late, Manual, None]` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userWhitelistedIpRanges` + +User added IP ranges to whitelist on ASE DB. Cannot be used with 'kind' `ASEv3`. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `zoneRedundant` + +Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the App Service Environment. | +| `resourceGroupName` | string | The resource group the App Service Environment was deployed into. | +| `resourceId` | string | The resource ID of the App Service Environment. | + +## Cross-referenced modules + +_None_ 
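Review bot: the `clusterSettings` detail entry in this hosting-environment README hunk renders its default as `[System.Management.Automation.OrderedHashtable]`, which is the PowerShell type name leaking out of the generator rather than the template's default value. The generator should serialize array-of-object defaults, or print a neutral placeholder, before these READMEs are regenerated across the library. The same flattening produces `- Allowed: [None, Publishing, Web, Web, Publishing]` for `internalLoadBalancingMode`, where the single value `Web,Publishing` from the description now reads like a duplicated `Web`. Quoting each allowed value would keep it unambiguous, which matters here because the default `'None'` is the setting the description says exposes the ASE-hosted apps on an internet-accessible IP address.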
diff --git a/modules/web/hosting-environment/configuration--customdnssuffix/README.md b/modules/web/hosting-environment/configuration--customdnssuffix/README.md index 674d6e7662..cc00a5bf05 100644 --- a/modules/web/hosting-environment/configuration--customdnssuffix/README.md +++ b/modules/web/hosting-environment/configuration--customdnssuffix/README.md 
@@ -19,28 +19,59 @@ This module deploys a Hosting Environment Custom DNS Suffix Configuration. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `certificateUrl` | string | The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. | -| `dnsSuffix` | string | Enable the default custom domain suffix to use for all sites deployed on the ASE. | -| `keyVaultReferenceIdentity` | string | The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. | +| [`certificateUrl`](#parameter-certificateurl) | string | The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. | +| [`dnsSuffix`](#parameter-dnssuffix) | string | Enable the default custom domain suffix to use for all sites deployed on the ASE. | +| [`keyVaultReferenceIdentity`](#parameter-keyvaultreferenceidentity) | string | The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `hostingEnvironmentName` | string | The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. | +| [`hostingEnvironmentName`](#parameter-hostingenvironmentname) | string | The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `certificateUrl` + +The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. +- Required: Yes +- Type: string + +### Parameter: `dnsSuffix` + +Enable the default custom domain suffix to use for all sites deployed on the ASE. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hostingEnvironmentName` + +The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `keyVaultReferenceIdentity` + +The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the configuration. | | `resourceGroupName` | string | The resource group of the deployed configuration. | diff --git a/modules/web/hosting-environment/configuration--customdnssuffix/main.json b/modules/web/hosting-environment/configuration--customdnssuffix/main.json index a09f93e81e..c4d514811f 100644 --- a/modules/web/hosting-environment/configuration--customdnssuffix/main.json +++ b/modules/web/hosting-environment/configuration--customdnssuffix/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11788859333407565296" + "version": "0.22.6.54827", + "templateHash": "10660520916707434118" }, "name": "Hosting Environment Custom DNS Suffix Configuration", "description": "This module deploys a Hosting Environment Custom DNS Suffix Configuration.", diff --git a/modules/web/hosting-environment/configuration--networking/README.md b/modules/web/hosting-environment/configuration--networking/README.md index 78c62314cb..9fb9176940 100644 --- a/modules/web/hosting-environment/configuration--networking/README.md +++ b/modules/web/hosting-environment/configuration--networking/README.md 
@@ -19,24 +19,65 @@ This module deploys a Hosting Environment Network Configuration. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `hostingEnvironmentName` | string | The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. | +| [`hostingEnvironmentName`](#parameter-hostingenvironmentname) | string | The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `allowNewPrivateEndpointConnections` | bool | `False` | Property to enable and disable new private endpoint connection creation on ASE. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ftpEnabled` | bool | `False` | Property to enable and disable FTP on ASEV3. | -| `inboundIpAddressOverride` | string | `''` | Customer provided Inbound IP Address. Only able to be set on Ase create. | -| `remoteDebugEnabled` | bool | `False` | Property to enable and disable Remote Debug on ASEv3. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowNewPrivateEndpointConnections`](#parameter-allownewprivateendpointconnections) | bool | Property to enable and disable new private endpoint connection creation on ASE. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ftpEnabled`](#parameter-ftpenabled) | bool | Property to enable and disable FTP on ASEV3. | +| [`inboundIpAddressOverride`](#parameter-inboundipaddressoverride) | string | Customer provided Inbound IP Address. Only able to be set on Ase create. | +| [`remoteDebugEnabled`](#parameter-remotedebugenabled) | bool | Property to enable and disable Remote Debug on ASEv3. 
| + +### Parameter: `allowNewPrivateEndpointConnections` + +Property to enable and disable new private endpoint connection creation on ASE. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ftpEnabled` + +Property to enable and disable FTP on ASEV3. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `hostingEnvironmentName` + +The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `inboundIpAddressOverride` + +Customer provided Inbound IP Address. Only able to be set on Ase create. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `remoteDebugEnabled` + +Property to enable and disable Remote Debug on ASEv3. +- Required: No +- Type: bool +- Default: `False` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the configuration. | | `resourceGroupName` | string | The resource group of the deployed configuration. | diff --git a/modules/web/hosting-environment/configuration--networking/main.json b/modules/web/hosting-environment/configuration--networking/main.json index 4ed8ea7eae..0630c14d2c 100644 --- a/modules/web/hosting-environment/configuration--networking/main.json +++ b/modules/web/hosting-environment/configuration--networking/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16351992787760940933" + "version": "0.22.6.54827", + "templateHash": "5725974299523715311" }, "name": "Hosting Environment Network Configuration", "description": "This module deploys a Hosting Environment Network Configuration.", 
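Review bot: conditional parameters are rendered inconsistently in the README hunks above. In both configuration--customdnssuffix/README.md and configuration--networking/README.md, `hostingEnvironmentName` sits under **Conditional parameters** ("Required if the template is used in a standalone deployment") but its detail entry says `- Required: Yes`, while in the parent hosting-environment README the conditional `customDnsSuffixCertificateUrl` and `customDnsSuffixKeyVaultReferenceIdentity` are rendered `- Required: No`. Neither value describes a conditional parameter correctly; suggest the generator emit a distinct value for this category (for example the condition itself) so a reader of the detail section alone is not misled about what must be supplied.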
diff --git a/modules/web/hosting-environment/main.json b/modules/web/hosting-environment/main.json index 74760aadb6..5c6d2298d8 100644 --- a/modules/web/hosting-environment/main.json +++ b/modules/web/hosting-environment/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13433747178095563994" + "version": "0.22.6.54827", + "templateHash": "3036162001475975434" }, "name": "App Service Environments", "description": "This module deploys an App Service Environment.", @@ -412,8 +412,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11895516864893390983" + "version": "0.22.6.54827", + "templateHash": "5725974299523715311" }, "name": "Hosting Environment Network Configuration", "description": "This module deploys a Hosting Environment Network Configuration.", @@ -551,8 +551,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15244434465859250047" + "version": "0.22.6.54827", + "templateHash": "10660520916707434118" }, "name": "Hosting Environment Custom DNS Suffix Configuration", "description": "This module deploys a Hosting Environment Custom DNS Suffix Configuration.", @@ -680,8 +680,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17589810269723384288" + "version": "0.22.6.54827", + "templateHash": "8235504163379537540" } }, "parameters": { diff --git a/modules/web/serverfarm/.test/common/main.test.bicep b/modules/web/serverfarm/.test/common/main.test.bicep index 0e5d4b233f..3e75d2847a 100644 --- a/modules/web/serverfarm/.test/common/main.test.bicep +++ b/modules/web/serverfarm/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // 
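Review bot: the `_generator` changes in modules/web/hosting-environment/main.json show that the committed build artifacts had drifted before this patch. The parent's old `version` was `0.21.1.54444`, while the standalone configuration--networking and configuration--customdnssuffix main.json files were still at `0.20.4.51522`. After this change the nested `templateHash` values (`5725974299523715311`, `10660520916707434118`) match the standalone child files, which is the state to keep. Since main.json is what actually gets deployed, consider a pipeline check that recompiles each main.bicep and fails when the result differs from the committed main.json, so that reviewed source and shipped template cannot diverge again. The nested template at `@@ -680,8 +680,8 @@` carries no `name` in the visible context, so it cannot be matched to a child module from this diff alone.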
diff --git a/modules/web/serverfarm/README.md b/modules/web/serverfarm/README.md index 52b2606816..ff4421dcd7 100644 --- a/modules/web/serverfarm/README.md +++ b/modules/web/serverfarm/README.md @@ -5,10 +5,10 @@ This module deploys an App Service Plan. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
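Review bot: the added navigation entry `- [Usage examples](#Usage-examples)` uses a capitalized fragment, while the links this same patch generates elsewhere in the file are lowercase (`#example-1-using-large-parameter-set`, `#parameter-name`). It follows the existing `#Resource-Types` style of the surrounding context lines, but the README now mixes two anchor conventions. Suggest the generator lowercase the navigation fragments as well so every in-page link is built by the same rule.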
@@ -19,68 +19,27 @@ This module deploys an App Service Plan. | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Web/serverfarms` | [2021-02-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-02-01/serverfarms) | -## Parameters +## Usage examples -**Required parameters** +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the app service plan to deploy. | -| `sku` | object | Defines the name, tier, size, family and capacity of the App Service Plan. | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -**Optional parameters** +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.serverfarm:1.0.0`. -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `appServiceEnvironmentId` | string | `''` | | The Resource ID of the App Service Environment to use for the App Service Plan. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. 
| -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maximumElasticWorkerCount` | int | `1` | | Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan. | -| `perSiteScaling` | bool | `False` | | If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serverOS` | string | `'Windows'` | `[Linux, Windows]` | Kind of server OS. | -| `tags` | object | `{object}` | | Tags of the resource. 
| -| `targetWorkerCount` | int | `0` | | Scaling worker count. | -| `targetWorkerSize` | int | `0` | `[0, 1, 2]` | The instance size of the hosting plan (small, medium, or large). | -| `workerTierName` | string | `''` | | Target worker tier assigned to the App Service plan. | -| `zoneRedundant` | bool | `False` | | When true, this App Service Plan will perform availability zone balancing. | +- [Using large parameter set](#example-1-using-large-parameter-set) +### Example 1: _Using large parameter set_ -## Outputs +This instance deploys the module with most of its features enabled. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the app service plan. | -| `resourceGroupName` | string | The resource group the app service plan was deployed into. | -| `resourceId` | string | The resource ID of the app service plan. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module serverfarm './web/serverfarm/main.bicep' = { +module serverfarm 'br:bicep/modules/web.serverfarm:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-wsfcom' params: { // Required parameters @@ -185,3 +144,200 @@ module serverfarm './web/serverfarm/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the app service plan to deploy. | +| [`sku`](#parameter-sku) | object | Defines the name, tier, size, family and capacity of the App Service Plan. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appServiceEnvironmentId`](#parameter-appserviceenvironmentid) | string | The Resource ID of the App Service Environment to use for the App Service Plan. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maximumElasticWorkerCount`](#parameter-maximumelasticworkercount) | int | Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan. | +| [`perSiteScaling`](#parameter-persitescaling) | bool | If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`serverOS`](#parameter-serveros) | string | Kind of server OS. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`targetWorkerCount`](#parameter-targetworkercount) | int | Scaling worker count. | +| [`targetWorkerSize`](#parameter-targetworkersize) | int | The instance size of the hosting plan (small, medium, or large). | +| [`workerTierName`](#parameter-workertiername) | string | Target worker tier assigned to the App Service plan. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | When true, this App Service Plan will perform availability zone balancing. | + +### Parameter: `appServiceEnvironmentId` + +The Resource ID of the App Service Environment to use for the App Service Plan. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maximumElasticWorkerCount` + +Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `name` + +The name of the app service plan to deploy. +- Required: Yes +- Type: string + +### Parameter: `perSiteScaling` + +If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serverOS` + +Kind of server OS. +- Required: No +- Type: string +- Default: `'Windows'` +- Allowed: `[Linux, Windows]` + +### Parameter: `sku` + +Defines the name, tier, size, family and capacity of the App Service Plan. +- Required: Yes +- Type: object + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `targetWorkerCount` + +Scaling worker count. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `targetWorkerSize` + +The instance size of the hosting plan (small, medium, or large). +- Required: No +- Type: int +- Default: `0` +- Allowed: `[0, 1, 2]` + +### Parameter: `workerTierName` + +Target worker tier assigned to the App Service plan. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `zoneRedundant` + +When true, this App Service Plan will perform availability zone balancing. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the app service plan. | +| `resourceGroupName` | string | The resource group the app service plan was deployed into. | +| `resourceId` | string | The resource ID of the app service plan. | + +## Cross-referenced modules + +_None_ diff --git a/modules/web/serverfarm/main.json b/modules/web/serverfarm/main.json index 85d6d397ce..b89ace3754 100644 --- a/modules/web/serverfarm/main.json +++ b/modules/web/serverfarm/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10712218641588923205" + "version": "0.22.6.54827", + "templateHash": "1970232317602434102" }, "name": "App Service Plans", "description": "This module deploys an App Service Plan.", @@ -292,8 +292,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14948974445589608249" + "version": "0.22.6.54827", + "templateHash": "17362454573845910972" } }, "parameters": { diff --git a/modules/web/site/README.md b/modules/web/site/README.md index 7abafc3801..2e79002447 100644 --- a/modules/web/site/README.md +++ b/modules/web/site/README.md @@ -4,14 +4,14 @@ This module deploys a Web or Function App. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -30,105 +30,27 @@ This module deploys a Web or Function App. | `Microsoft.Web/sites/slots/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | | `Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots/hybridConnectionNamespaces/relays) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `kind` | string | `[app, functionapp, functionapp,linux, functionapp,workflowapp, functionapp,workflowapp,linux]` | Type of site to deploy. | -| `name` | string | | Name of the site. | -| `serverFarmResourceId` | string | | The resource ID of the app service plan to use for the site. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `appInsightResourceId` | string | `''` | | Resource ID of the app insight to leverage for this resource. | -| `appServiceEnvironmentResourceId` | string | `''` | | The resource ID of the app service environment to use for this resource. | -| `appSettingsKeyValuePairs` | object | `{object}` | | The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | -| `authSettingV2Configuration` | object | `{object}` | | The auth settings V2 configuration. | -| `basicPublishingCredentialsPolicies` | array | `[]` | | The site publishing credential policy names which are associated with the sites. | -| `clientAffinityEnabled` | bool | `True` | | If client affinity is enabled. | -| `clientCertEnabled` | bool | `False` | | To enable client certificate authentication (TLS mutual authentication). | -| `clientCertExclusionPaths` | string | `''` | | Client certificate authentication comma-separated exclusion paths. 
| -| `clientCertMode` | string | `'Optional'` | `[Optional, OptionalInteractiveUser, Required]` | This composes with ClientCertEnabled setting.

- ClientCertEnabled: false means ClientCert is ignored.

- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.

- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. | -| `cloningInfo` | object | `{object}` | | If specified during app creation, the app is cloned from a source app. | -| `containerSize` | int | `-1` | | Size of the function container. | -| `customDomainVerificationId` | string | `''` | | Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. | -| `dailyMemoryTimeQuota` | int | `-1` | | Maximum allowed daily memory-time quota (applicable on dynamic apps only). | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[if(equals(parameters('kind'), 'functionapp'), createArray('FunctionAppLogs'), createArray('AppServiceHTTPLogs', 'AppServiceConsoleLogs', 'AppServiceAppLogs', 'AppServiceAuditLogs', 'AppServiceIPSecAuditLogs', 'AppServicePlatformLogs'))]` | `['', allLogs, AppServiceAppLogs, AppServiceAuditLogs, AppServiceConsoleLogs, AppServiceHTTPLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs, FunctionAppLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. 
| -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of log analytics workspace. | -| `enabled` | bool | `True` | | Setting this value to false disables the app (takes the app offline). | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `hostNameSslStates` | array | `[]` | | Hostname SSL states are used to manage the SSL bindings for app's hostnames. | -| `httpsOnly` | bool | `True` | | Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests. | -| `hybridConnectionRelays` | array | `[]` | | Names of hybrid connection relays to connect app with. | -| `hyperV` | bool | `False` | | Hyper-V sandbox. | -| `keyVaultAccessIdentityResourceId` | string | `''` | | The resource ID of the assigned identity to be used to access a key vault with. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `redundancyMode` | string | `'None'` | `[ActiveActive, Failover, GeoRedundant, Manual, None]` | Site redundancy mode. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `scmSiteAlsoStopped` | bool | `False` | | Stop SCM (KUDU) site when the app is stopped. | -| `setAzureWebJobsDashboard` | bool | `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` | | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | -| `siteConfig` | object | `{object}` | | The site config object. | -| `slots` | array | `[]` | | Configuration for deployment slots for an app. | -| `storageAccountRequired` | bool | `False` | | Checks if Customer provided storage account is required. | -| `storageAccountResourceId` | string | `''` | | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `virtualNetworkSubnetId` | string | `''` | | Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. | -| `vnetContentShareEnabled` | bool | `False` | | To enable accessing content over virtual network. | -| `vnetImagePullEnabled` | bool | `False` | | To enable pulling image over Virtual Network. | -| `vnetRouteAllEnabled` | bool | `False` | | Virtual Network Route All enabled. 
This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `defaultHostname` | string | Default hostname of the app. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the site. | -| `resourceGroupName` | string | The resource group the site was deployed into. | -| `resourceId` | string | The resource ID of the site. | -| `slotResourceIds` | array | The list of the slot resource ids. | -| `slots` | array | The list of the slots. | -| `slotSystemAssignedPrincipalIds` | array | The principal ID of the system assigned identity of slots. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | +## Usage examples -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Deployment examples +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.site:1.0.0`. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+- [Functionappcommon](#example-1-functionappcommon) +- [Functionappmin](#example-2-functionappmin) +- [Webappcommon](#example-3-webappcommon) +- [Webappmin](#example-4-webappmin) - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Functionappcommon

+### Example 1: _Functionappcommon_
via Bicep module ```bicep -module site './web/site/main.bicep' = { +module site 'br:bicep/modules/web.site:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-wsfacom' params: { // Required parameters @@ -440,14 +362,14 @@ module site './web/site/main.bicep' = {

-

Example 2: Functionappmin

+### Example 2: _Functionappmin_
via Bicep module ```bicep -module site './web/site/main.bicep' = { +module site 'br:bicep/modules/web.site:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-wsfamin' params: { // Required parameters @@ -501,14 +423,14 @@ module site './web/site/main.bicep' = {

-

Example 3: Webappcommon

+### Example 3: _Webappcommon_
via Bicep module ```bicep -module site './web/site/main.bicep' = { +module site 'br:bicep/modules/web.site:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-wswa' params: { // Required parameters @@ -818,14 +740,14 @@ module site './web/site/main.bicep' = {

-

Example 4: Webappmin

+### Example 4: _Webappmin_
via Bicep module ```bicep -module site './web/site/main.bicep' = { +module site 'br:bicep/modules/web.site:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-wswamin' params: { // Required parameters @@ -872,6 +794,437 @@ module site './web/site/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-kind) | string | Type of site to deploy. | +| [`name`](#parameter-name) | string | Name of the site. | +| [`serverFarmResourceId`](#parameter-serverfarmresourceid) | string | The resource ID of the app service plan to use for the site. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appInsightResourceId`](#parameter-appinsightresourceid) | string | Resource ID of the app insight to leverage for this resource. | +| [`appServiceEnvironmentResourceId`](#parameter-appserviceenvironmentresourceid) | string | The resource ID of the app service environment to use for this resource. | +| [`appSettingsKeyValuePairs`](#parameter-appsettingskeyvaluepairs) | object | The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | +| [`authSettingV2Configuration`](#parameter-authsettingv2configuration) | object | The auth settings V2 configuration. | +| [`basicPublishingCredentialsPolicies`](#parameter-basicpublishingcredentialspolicies) | array | The site publishing credential policy names which are associated with the sites. | +| [`clientAffinityEnabled`](#parameter-clientaffinityenabled) | bool | If client affinity is enabled. | +| [`clientCertEnabled`](#parameter-clientcertenabled) | bool | To enable client certificate authentication (TLS mutual authentication). | +| [`clientCertExclusionPaths`](#parameter-clientcertexclusionpaths) | string | Client certificate authentication comma-separated exclusion paths. | +| [`clientCertMode`](#parameter-clientcertmode) | string | This composes with ClientCertEnabled setting.

- ClientCertEnabled: false means ClientCert is ignored.

- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.

- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. | +| [`cloningInfo`](#parameter-cloninginfo) | object | If specified during app creation, the app is cloned from a source app. | +| [`containerSize`](#parameter-containersize) | int | Size of the function container. | +| [`customDomainVerificationId`](#parameter-customdomainverificationid) | string | Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. | +| [`dailyMemoryTimeQuota`](#parameter-dailymemorytimequota) | int | Maximum allowed daily memory-time quota (applicable on dynamic apps only). | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of log analytics workspace. 
| +| [`enabled`](#parameter-enabled) | bool | Setting this value to false disables the app (takes the app offline). | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`hostNameSslStates`](#parameter-hostnamesslstates) | array | Hostname SSL states are used to manage the SSL bindings for app's hostnames. | +| [`httpsOnly`](#parameter-httpsonly) | bool | Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests. | +| [`hybridConnectionRelays`](#parameter-hybridconnectionrelays) | array | Names of hybrid connection relays to connect app with. | +| [`hyperV`](#parameter-hyperv) | bool | Hyper-V sandbox. | +| [`keyVaultAccessIdentityResourceId`](#parameter-keyvaultaccessidentityresourceid) | string | The resource ID of the assigned identity to be used to access a key vault with. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`redundancyMode`](#parameter-redundancymode) | string | Site redundancy mode. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`scmSiteAlsoStopped`](#parameter-scmsitealsostopped) | bool | Stop SCM (KUDU) site when the app is stopped. | +| [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | +| [`siteConfig`](#parameter-siteconfig) | object | The site config object. | +| [`slots`](#parameter-slots) | array | Configuration for deployment slots for an app. | +| [`storageAccountRequired`](#parameter-storageaccountrequired) | bool | Checks if Customer provided storage account is required. | +| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`virtualNetworkSubnetId`](#parameter-virtualnetworksubnetid) | string | Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. | +| [`vnetContentShareEnabled`](#parameter-vnetcontentshareenabled) | bool | To enable accessing content over virtual network. 
| +| [`vnetImagePullEnabled`](#parameter-vnetimagepullenabled) | bool | To enable pulling image over Virtual Network. | +| [`vnetRouteAllEnabled`](#parameter-vnetrouteallenabled) | bool | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | + +### Parameter: `appInsightResourceId` + +Resource ID of the app insight to leverage for this resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `appServiceEnvironmentResourceId` + +The resource ID of the app service environment to use for this resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `appSettingsKeyValuePairs` + +The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `authSettingV2Configuration` + +The auth settings V2 configuration. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `basicPublishingCredentialsPolicies` + +The site publishing credential policy names which are associated with the sites. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `clientAffinityEnabled` + +If client affinity is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `clientCertEnabled` + +To enable client certificate authentication (TLS mutual authentication). +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `clientCertExclusionPaths` + +Client certificate authentication comma-separated exclusion paths. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientCertMode` + +This composes with ClientCertEnabled setting.

- ClientCertEnabled: false means ClientCert is ignored.

- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.

- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. +- Required: No +- Type: string +- Default: `'Optional'` +- Allowed: `[Optional, OptionalInteractiveUser, Required]` + +### Parameter: `cloningInfo` + +If specified during app creation, the app is cloned from a source app. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `containerSize` + +Size of the function container. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `customDomainVerificationId` + +Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dailyMemoryTimeQuota` + +Maximum allowed daily memory-time quota (applicable on dynamic apps only). +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
+- Required: No +- Type: array +- Default: `[if(equals(parameters('kind'), 'functionapp'), createArray('FunctionAppLogs'), createArray('AppServiceHTTPLogs', 'AppServiceConsoleLogs', 'AppServiceAppLogs', 'AppServiceAuditLogs', 'AppServiceIPSecAuditLogs', 'AppServicePlatformLogs'))]` +- Allowed: `['', allLogs, AppServiceAppLogs, AppServiceAuditLogs, AppServiceConsoleLogs, AppServiceHTTPLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs, FunctionAppLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enabled` + +Setting this value to false disables the app (takes the app offline). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hostNameSslStates` + +Hostname SSL states are used to manage the SSL bindings for app's hostnames. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `httpsOnly` + +Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hybridConnectionRelays` + +Names of hybrid connection relays to connect app with. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `hyperV` + +Hyper-V sandbox. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `keyVaultAccessIdentityResourceId` + +The resource ID of the assigned identity to be used to access a key vault with. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `kind` + +Type of site to deploy. +- Required: Yes +- Type: string +- Allowed: `[app, functionapp, functionapp,linux, functionapp,workflowapp, functionapp,workflowapp,linux]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the site. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `redundancyMode` + +Site redundancy mode. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[ActiveActive, Failover, GeoRedundant, Manual, None]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scmSiteAlsoStopped` + +Stop SCM (KUDU) site when the app is stopped. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `serverFarmResourceId` + +The resource ID of the app service plan to use for the site. +- Required: Yes +- Type: string + +### Parameter: `setAzureWebJobsDashboard` + +For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. +- Required: No +- Type: bool +- Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` + +### Parameter: `siteConfig` + +The site config object. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `slots` + +Configuration for deployment slots for an app. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `storageAccountRequired` + +Checks if Customer provided storage account is required. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `storageAccountResourceId` + +Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualNetworkSubnetId` + +Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `vnetContentShareEnabled` + +To enable accessing content over virtual network. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `vnetImagePullEnabled` + +To enable pulling image over Virtual Network. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `vnetRouteAllEnabled` + +Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `defaultHostname` | string | Default hostname of the app. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the site. | +| `resourceGroupName` | string | The resource group the site was deployed into. | +| `resourceId` | string | The resource ID of the site. | +| `slotResourceIds` | array | The list of the slot resource ids. | +| `slots` | array | The list of the slots. | +| `slotSystemAssignedPrincipalIds` | array | The principal ID of the system assigned identity of slots. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + ## Notes ### Parameter Usage: `appSettingsKeyValuePairs` diff --git a/modules/web/site/basic-publishing-credentials-policy/README.md b/modules/web/site/basic-publishing-credentials-policy/README.md index 6feeb0be21..e6cfbc594b 100644 --- a/modules/web/site/basic-publishing-credentials-policy/README.md 
+++ b/modules/web/site/basic-publishing-credentials-policy/README.md 
@@ -19,27 +19,54 @@ This module deploys a Web Site Basic Publishing Credentials Policy. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | `[ftp, scm]` | The name of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the resource. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `webAppName` | string | The name of the parent web site. Required if the template is used in a standalone deployment. | +| [`webAppName`](#parameter-webappname) | string | The name of the parent web site. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all Resources. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the resource. +- Required: Yes +- Type: string +- Allowed: `[ftp, scm]` + +### Parameter: `webAppName` + +The name of the parent web site. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the basic publishing credential policy. | diff --git a/modules/web/site/basic-publishing-credentials-policy/main.json b/modules/web/site/basic-publishing-credentials-policy/main.json index 91ba685431..fb7d1f7388 100644 --- a/modules/web/site/basic-publishing-credentials-policy/main.json +++ b/modules/web/site/basic-publishing-credentials-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12641846967338527190" + "version": "0.22.6.54827", + "templateHash": "5305729672150633375" }, "name": "Web Site Basic Publishing Credentials Policies", "description": "This module deploys a Web Site Basic Publishing Credentials Policy.", diff --git a/modules/web/site/config--appsettings/README.md b/modules/web/site/config--appsettings/README.md index 3be5e82252..2e08ed883c 100644 --- a/modules/web/site/config--appsettings/README.md +++ b/modules/web/site/config--appsettings/README.md 
@@ -20,30 +20,78 @@ This module deploys a Site App Setting. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `kind` | string | `[app, functionapp, functionapp,linux, functionapp,workflowapp, functionapp,workflowapp,linux]` | Type of site to deploy. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-kind) | string | Type of site to deploy. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `appName` | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | +| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `appInsightResourceId` | string | `''` | Resource ID of the app insight to leverage for this resource. | -| `appSettingsKeyValuePairs` | object | `{object}` | The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `setAzureWebJobsDashboard` | bool | `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | -| `storageAccountResourceId` | string | `''` | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appInsightResourceId`](#parameter-appinsightresourceid) | string | Resource ID of the app insight to leverage for this resource. | +| [`appSettingsKeyValuePairs`](#parameter-appsettingskeyvaluepairs) | object | The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | +| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. | + +### Parameter: `appInsightResourceId` + +Resource ID of the app insight to leverage for this resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `appName` + +The name of the parent site resource. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `appSettingsKeyValuePairs` + +The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +Type of site to deploy. 
+- Required: Yes +- Type: string +- Allowed: `[app, functionapp, functionapp,linux, functionapp,workflowapp, functionapp,workflowapp,linux]` + +### Parameter: `setAzureWebJobsDashboard` + +For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. +- Required: No +- Type: bool +- Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` + +### Parameter: `storageAccountResourceId` + +Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the site config. | | `resourceGroupName` | string | The resource group the site config was deployed into. | diff --git a/modules/web/site/config--appsettings/main.json b/modules/web/site/config--appsettings/main.json index cef5e418d0..c5bb4f96d9 100644 --- a/modules/web/site/config--appsettings/main.json +++ b/modules/web/site/config--appsettings/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "113124702348316001" + "version": "0.22.6.54827", + "templateHash": "12140652943143922490" }, "name": "Site App Settings", "description": "This module deploys a Site App Setting.", diff --git a/modules/web/site/config--authsettingsv2/README.md b/modules/web/site/config--authsettingsv2/README.md index 94dad58be5..345ad28201 100644 --- a/modules/web/site/config--authsettingsv2/README.md +++ b/modules/web/site/config--authsettingsv2/README.md 
@@ -19,27 +19,53 @@ This module deploys a Site Auth Settings V2 Configuration. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `authSettingV2Configuration` | object | | The auth settings V2 configuration. | -| `kind` | string | `[app, functionapp, functionapp,linux, functionapp,workflowapp, functionapp,workflowapp,linux]` | Type of site to deploy. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authSettingV2Configuration`](#parameter-authsettingv2configuration) | object | The auth settings V2 configuration. | +| [`kind`](#parameter-kind) | string | Type of site to deploy. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `appName` | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | +| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `appName` + +The name of the parent site resource. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `authSettingV2Configuration` + +The auth settings V2 configuration. +- Required: Yes +- Type: object + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +Type of site to deploy. 
+- Required: Yes +- Type: string +- Allowed: `[app, functionapp, functionapp,linux, functionapp,workflowapp, functionapp,workflowapp,linux]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the site config. | | `resourceGroupName` | string | The resource group the site config was deployed into. | diff --git a/modules/web/site/config--authsettingsv2/main.json b/modules/web/site/config--authsettingsv2/main.json index 03425cac80..3ecec714d3 100644 --- a/modules/web/site/config--authsettingsv2/main.json +++ b/modules/web/site/config--authsettingsv2/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15491598085214996541" + "version": "0.22.6.54827", + "templateHash": "1120403064106188130" }, "name": "Site Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", diff --git a/modules/web/site/hybrid-connection-namespace/relay/README.md b/modules/web/site/hybrid-connection-namespace/relay/README.md index f043a8d416..20be37abae 100644 --- a/modules/web/site/hybrid-connection-namespace/relay/README.md +++ b/modules/web/site/hybrid-connection-namespace/relay/README.md 
@@ -19,28 +19,61 @@ This module deploys a Site Hybrid Connection Namespace Relay. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `hybridConnectionResourceId` | string | The resource ID of the relay namespace hybrid connection. | +| [`hybridConnectionResourceId`](#parameter-hybridconnectionresourceid) | string | The resource ID of the relay namespace hybrid connection. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `appName` | string | The name of the parent web site. Required if the template is used in a standalone deployment. | +| [`appName`](#parameter-appname) | string | The name of the parent web site. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all Resources. | -| `sendKeyName` | string | `'defaultSender'` | Name of the authorization rule send key to use. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`sendKeyName`](#parameter-sendkeyname) | string | Name of the authorization rule send key to use. | + +### Parameter: `appName` + +The name of the parent web site. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hybridConnectionResourceId` + +The resource ID of the relay namespace hybrid connection. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `sendKeyName` + +Name of the authorization rule send key to use. +- Required: No +- Type: string +- Default: `'defaultSender'` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the hybrid connection relay.. | | `resourceGroupName` | string | The name of the resource group the resource was deployed into. | diff --git a/modules/web/site/hybrid-connection-namespace/relay/main.json b/modules/web/site/hybrid-connection-namespace/relay/main.json index 2b6535908c..bc3ae19be6 100644 --- a/modules/web/site/hybrid-connection-namespace/relay/main.json +++ b/modules/web/site/hybrid-connection-namespace/relay/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8921333553708930079" + "version": "0.22.6.54827", + "templateHash": "10458383238656360850" }, "name": "Web/Function Apps Hybrid Connection Relay", "description": "This module deploys a Site Hybrid Connection Namespace Relay.", diff --git a/modules/web/site/main.json b/modules/web/site/main.json index 26e1779829..af5a3ed4e0 100644 --- a/modules/web/site/main.json +++ b/modules/web/site/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6298363568449273285" + "version": "0.22.6.54827", + "templateHash": "16969766511662743845" }, "name": "Web/Function Apps", "description": "This module deploys a Web or Function App.", 
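Review bot: the generated detail sections in the README hunks above print `Required: Yes` for parameters that the same files still list under **Conditional parameters**: `webAppName` in `basic-publishing-credentials-policy/README.md`, and `appName` in `config--appsettings`, `config--authsettingsv2` and `hybrid-connection-namespace/relay`. Their descriptions say "Required if the template is used in a standalone deployment", so an unconditional "Yes" contradicts both the table and the description. Suggest the generator emit a distinct value for this category (for example `Required: Conditional`) or leave the `Required` line out for conditional parameters.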
@@ -544,8 +544,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "113124702348316001" + "version": "0.22.6.54827", + "templateHash": "12140652943143922490" }, "name": "Site App Settings", "description": "This module deploys a Site App Setting.", @@ -689,8 +689,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15491598085214996541" + "version": "0.22.6.54827", + "templateHash": "1120403064106188130" }, "name": "Site Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", @@ -865,8 +865,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7597641242156251930" + "version": "0.22.6.54827", + "templateHash": "14108540523970367707" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -1390,8 +1390,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6824589216099571528" + "version": "0.22.6.54827", + "templateHash": "13223616826795830599" }, "name": "Site Slot App Settings", "description": "This module deploys a Site Slot App Setting.", @@ -1544,8 +1544,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15013002348606979820" + "version": "0.22.6.54827", + "templateHash": "16157844933162881953" }, "name": "Site Slot Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", @@ -1677,8 +1677,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1505854425120658866" + "version": "0.22.6.54827", + "templateHash": "11888981629758921842" }, "name": "Web/Function Apps Slot Hybrid Connection Relay", "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay.", 
@@ -1817,8 +1817,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18344556157010848654" + "version": "0.22.6.54827", + "templateHash": "12072533589555151999" } }, "parameters": { @@ -1955,8 +1955,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -2155,8 +2155,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2293,8 +2293,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -2547,8 +2547,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12641846967338527190" + "version": "0.22.6.54827", + "templateHash": "5305729672150633375" }, "name": "Web Site Basic Publishing Credentials Policies", "description": "This module deploys a Web Site Basic Publishing Credentials Policy.", @@ -2678,8 +2678,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8921333553708930079" + "version": "0.22.6.54827", + "templateHash": "10458383238656360850" }, "name": "Web/Function Apps Hybrid Connection Relay", "description": "This module deploys a Site Hybrid Connection Namespace Relay.", 
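Review bot: every `main.json` hunk in this part of the patch changes only `_generator.version` (0.21.1.54444 to 0.22.6.54827) and `templateHash`, including the nested copies inside `modules/web/site/main.json`, so a compiler upgrade is mixed into a documentation-generator change. Consider landing the recompiled templates as a separate commit, so the README changes can be reviewed on their own and a hash change caused by an actual template edit is not lost among the regenerated ones.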
@@ -2814,8 +2814,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7292070864296261914" + "version": "0.22.6.54827", + "templateHash": "8219747135768194918" } }, "parameters": { @@ -2981,8 +2981,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -3181,8 +3181,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -3319,8 +3319,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/web/site/slot/README.md b/modules/web/site/slot/README.md index a2c44834f2..f5250fc317 100644 --- a/modules/web/site/slot/README.md +++ b/modules/web/site/slot/README.md @@ -4,13 +4,13 @@ This module deploys a Web or Function App Deployment Slot. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
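Review bot: in the `modules/web/site/slot/README.md` navigation hunk, the heading and its link change from `Resource types` to `Resource Types`, while the neighbouring entry `Cross-referenced modules` keeps sentence case, so the navigation list now mixes two casing styles. Either keep `## Resource types` or have the generator apply one casing rule to every section heading, and check that any existing links to `#Resource-types` are updated with it.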
@@ -29,70 +29,403 @@ This module deploys a Web or Function App Deployment Slot. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `kind` | string | `[app, functionapp, functionapp,linux, functionapp,workflowapp, functionapp,workflowapp,linux]` | Type of slot to deploy. | -| `name` | string | | Name of the slot. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-kind) | string | Type of slot to deploy. | +| [`name`](#parameter-name) | string | Name of the slot. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `appName` | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | +| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `appInsightResourceId` | string | `''` | | Resource ID of the app insight to leverage for this resource. | -| `appServiceEnvironmentResourceId` | string | `''` | | The resource ID of the app service environment to use for this resource. | -| `appSettingsKeyValuePairs` | object | `{object}` | | The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | -| `authSettingV2Configuration` | object | `{object}` | | The auth settings V2 configuration. | -| `clientAffinityEnabled` | bool | `True` | | If client affinity is enabled. | -| `clientCertEnabled` | bool | `False` | | To enable client certificate authentication (TLS mutual authentication). | -| `clientCertExclusionPaths` | string | `''` | | Client certificate authentication comma-separated exclusion paths. 
| -| `clientCertMode` | string | `'Optional'` | `[Optional, OptionalInteractiveUser, Required]` | This composes with ClientCertEnabled setting.

- ClientCertEnabled: false means ClientCert is ignored.

- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.

- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. | -| `cloningInfo` | object | `{object}` | | If specified during app creation, the app is cloned from a source app. | -| `containerSize` | int | `-1` | | Size of the function container. | -| `customDomainVerificationId` | string | `''` | | Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. | -| `dailyMemoryTimeQuota` | int | `-1` | | Maximum allowed daily memory-time quota (applicable on dynamic apps only). | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[if(equals(parameters('kind'), 'functionapp'), createArray('FunctionAppLogs'), createArray('AppServiceHTTPLogs', 'AppServiceConsoleLogs', 'AppServiceAppLogs', 'AppServiceAuditLogs', 'AppServiceIPSecAuditLogs', 'AppServicePlatformLogs'))]` | `[AppServiceAppLogs, AppServiceAuditLogs, AppServiceConsoleLogs, AppServiceHTTPLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs, FunctionAppLogs]` | The name of logs that will be streamed. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of log analytics workspace. 
| -| `enabled` | bool | `True` | | Setting this value to false disables the app (takes the app offline). | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `hostNameSslStates` | array | `[]` | | Hostname SSL states are used to manage the SSL bindings for app's hostnames. | -| `httpsOnly` | bool | `True` | | Configures a slot to accept only HTTPS requests. Issues redirect for HTTP requests. | -| `hybridConnectionRelays` | array | `[]` | | Names of hybrid connection relays to connect app with. | -| `hyperV` | bool | `False` | | Hyper-V sandbox. | -| `keyVaultAccessIdentityResourceId` | string | `''` | | The resource ID of the assigned identity to be used to access a key vault with. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Allow or block all public traffic. | -| `redundancyMode` | string | `'None'` | `[ActiveActive, Failover, GeoRedundant, Manual, None]` | Site redundancy mode. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serverFarmResourceId` | string | `''` | | The resource ID of the app service plan to use for the slot. | -| `setAzureWebJobsDashboard` | bool | `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` | | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. 
If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | -| `siteConfig` | object | `{object}` | | The site config object. | -| `storageAccountRequired` | bool | `False` | | Checks if Customer provided storage account is required. | -| `storageAccountResourceId` | string | `''` | | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `virtualNetworkSubnetId` | string | `''` | | Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. | -| `vnetContentShareEnabled` | bool | `False` | | To enable accessing content over virtual network. | -| `vnetImagePullEnabled` | bool | `False` | | To enable pulling image over Virtual Network. | -| `vnetRouteAllEnabled` | bool | `False` | | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appInsightResourceId`](#parameter-appinsightresourceid) | string | Resource ID of the app insight to leverage for this resource. | +| [`appServiceEnvironmentResourceId`](#parameter-appserviceenvironmentresourceid) | string | The resource ID of the app service environment to use for this resource. 
| +| [`appSettingsKeyValuePairs`](#parameter-appsettingskeyvaluepairs) | object | The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | +| [`authSettingV2Configuration`](#parameter-authsettingv2configuration) | object | The auth settings V2 configuration. | +| [`clientAffinityEnabled`](#parameter-clientaffinityenabled) | bool | If client affinity is enabled. | +| [`clientCertEnabled`](#parameter-clientcertenabled) | bool | To enable client certificate authentication (TLS mutual authentication). | +| [`clientCertExclusionPaths`](#parameter-clientcertexclusionpaths) | string | Client certificate authentication comma-separated exclusion paths. | +| [`clientCertMode`](#parameter-clientcertmode) | string | This composes with ClientCertEnabled setting.

- ClientCertEnabled: false means ClientCert is ignored.

- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.

- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. | +| [`cloningInfo`](#parameter-cloninginfo) | object | If specified during app creation, the app is cloned from a source app. | +| [`containerSize`](#parameter-containersize) | int | Size of the function container. | +| [`customDomainVerificationId`](#parameter-customdomainverificationid) | string | Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. | +| [`dailyMemoryTimeQuota`](#parameter-dailymemorytimequota) | int | Maximum allowed daily memory-time quota (applicable on dynamic apps only). | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of log analytics workspace. | +| [`enabled`](#parameter-enabled) | bool | Setting this value to false disables the app (takes the app offline). 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`hostNameSslStates`](#parameter-hostnamesslstates) | array | Hostname SSL states are used to manage the SSL bindings for app's hostnames. | +| [`httpsOnly`](#parameter-httpsonly) | bool | Configures a slot to accept only HTTPS requests. Issues redirect for HTTP requests. | +| [`hybridConnectionRelays`](#parameter-hybridconnectionrelays) | array | Names of hybrid connection relays to connect app with. | +| [`hyperV`](#parameter-hyperv) | bool | Hyper-V sandbox. | +| [`keyVaultAccessIdentityResourceId`](#parameter-keyvaultaccessidentityresourceid) | string | The resource ID of the assigned identity to be used to access a key vault with. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Allow or block all public traffic. | +| [`redundancyMode`](#parameter-redundancymode) | string | Site redundancy mode. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`serverFarmResourceId`](#parameter-serverfarmresourceid) | string | The resource ID of the app service plan to use for the slot. | +| [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. 
In case you use Application Insights it can make sense to not set it for performance reasons. | +| [`siteConfig`](#parameter-siteconfig) | object | The site config object. | +| [`storageAccountRequired`](#parameter-storageaccountrequired) | bool | Checks if Customer provided storage account is required. | +| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`virtualNetworkSubnetId`](#parameter-virtualnetworksubnetid) | string | Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. | +| [`vnetContentShareEnabled`](#parameter-vnetcontentshareenabled) | bool | To enable accessing content over virtual network. | +| [`vnetImagePullEnabled`](#parameter-vnetimagepullenabled) | bool | To enable pulling image over Virtual Network. | +| [`vnetRouteAllEnabled`](#parameter-vnetrouteallenabled) | bool | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | + +### Parameter: `appInsightResourceId` + +Resource ID of the app insight to leverage for this resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `appName` + +The name of the parent site resource. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `appServiceEnvironmentResourceId` + +The resource ID of the app service environment to use for this resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `appSettingsKeyValuePairs` + +The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `authSettingV2Configuration` + +The auth settings V2 configuration. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `clientAffinityEnabled` + +If client affinity is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `clientCertEnabled` + +To enable client certificate authentication (TLS mutual authentication). +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `clientCertExclusionPaths` + +Client certificate authentication comma-separated exclusion paths. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientCertMode` + +This composes with ClientCertEnabled setting.

- ClientCertEnabled: false means ClientCert is ignored.

- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.

- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. +- Required: No +- Type: string +- Default: `'Optional'` +- Allowed: `[Optional, OptionalInteractiveUser, Required]` + +### Parameter: `cloningInfo` + +If specified during app creation, the app is cloned from a source app. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `containerSize` + +Size of the function container. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `customDomainVerificationId` + +Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dailyMemoryTimeQuota` + +Maximum allowed daily memory-time quota (applicable on dynamic apps only). +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. 
+- Required: No +- Type: array +- Default: `[if(equals(parameters('kind'), 'functionapp'), createArray('FunctionAppLogs'), createArray('AppServiceHTTPLogs', 'AppServiceConsoleLogs', 'AppServiceAppLogs', 'AppServiceAuditLogs', 'AppServiceIPSecAuditLogs', 'AppServicePlatformLogs'))]` +- Allowed: `[AppServiceAppLogs, AppServiceAuditLogs, AppServiceConsoleLogs, AppServiceHTTPLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs, FunctionAppLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enabled` + +Setting this value to false disables the app (takes the app offline). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hostNameSslStates` + +Hostname SSL states are used to manage the SSL bindings for app's hostnames. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `httpsOnly` + +Configures a slot to accept only HTTPS requests. Issues redirect for HTTP requests. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hybridConnectionRelays` + +Names of hybrid connection relays to connect app with. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `hyperV` + +Hyper-V sandbox. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `keyVaultAccessIdentityResourceId` + +The resource ID of the assigned identity to be used to access a key vault with. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `kind` + +Type of slot to deploy. +- Required: Yes +- Type: string +- Allowed: `[app, functionapp, functionapp,linux, functionapp,workflowapp, functionapp,workflowapp,linux]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the slot. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Allow or block all public traffic. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `redundancyMode` + +Site redundancy mode. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[ActiveActive, Failover, GeoRedundant, Manual, None]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serverFarmResourceId` + +The resource ID of the app service plan to use for the slot. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `setAzureWebJobsDashboard` + +For function apps. 
If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. +- Required: No +- Type: bool +- Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` + +### Parameter: `siteConfig` + +The site config object. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `storageAccountRequired` + +Checks if Customer provided storage account is required. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `storageAccountResourceId` + +Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualNetworkSubnetId` + +Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `vnetContentShareEnabled` + +To enable accessing content over virtual network. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `vnetImagePullEnabled` + +To enable pulling image over Virtual Network. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `vnetRouteAllEnabled` + +Virtual Network Route All enabled. 
This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. +- Required: No +- Type: bool +- Default: `False` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the slot. | @@ -106,7 +439,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `network/private-endpoint` | Local reference | +| `modules/network/private-endpoint` | Local reference | ## Notes diff --git a/modules/web/site/slot/config--appsettings/README.md b/modules/web/site/slot/config--appsettings/README.md index e41825e801..4301a04146 100644 --- a/modules/web/site/slot/config--appsettings/README.md +++ b/modules/web/site/slot/config--appsettings/README.md 
@@ -20,31 +20,85 @@ This module deploys a Site Slot App Setting. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `kind` | string | `[app, functionapp, functionapp,linux, functionapp,workflowapp, functionapp,workflowapp,linux]` | Type of slot to deploy. | -| `slotName` | string | | Slot name to be configured. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-kind) | string | Type of slot to deploy. | +| [`slotName`](#parameter-slotname) | string | Slot name to be configured. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `appName` | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | +| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `appInsightResourceId` | string | `''` | Resource ID of the app insight to leverage for this resource. | -| `appSettingsKeyValuePairs` | object | `{object}` | The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `setAzureWebJobsDashboard` | bool | `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | -| `storageAccountResourceId` | string | `''` | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appInsightResourceId`](#parameter-appinsightresourceid) | string | Resource ID of the app insight to leverage for this resource. | +| [`appSettingsKeyValuePairs`](#parameter-appsettingskeyvaluepairs) | object | The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | +| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. | + +### Parameter: `appInsightResourceId` + +Resource ID of the app insight to leverage for this resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `appName` + +The name of the parent site resource. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `appSettingsKeyValuePairs` + +The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +Type of slot to deploy. 
+- Required: Yes +- Type: string +- Allowed: `[app, functionapp, functionapp,linux, functionapp,workflowapp, functionapp,workflowapp,linux]` + +### Parameter: `setAzureWebJobsDashboard` + +For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. +- Required: No +- Type: bool +- Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` + +### Parameter: `slotName` + +Slot name to be configured. +- Required: Yes +- Type: string + +### Parameter: `storageAccountResourceId` + +Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the slot config. | | `resourceGroupName` | string | The resource group the slot config was deployed into. | diff --git a/modules/web/site/slot/config--appsettings/main.json b/modules/web/site/slot/config--appsettings/main.json index c9f90eb770..c4220e1b9a 100644 --- a/modules/web/site/slot/config--appsettings/main.json +++ b/modules/web/site/slot/config--appsettings/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6824589216099571528" + "version": "0.22.6.54827", + "templateHash": "13223616826795830599" }, "name": "Site Slot App Settings", "description": "This module deploys a Site Slot App Setting.", diff --git a/modules/web/site/slot/config--authsettingsv2/README.md b/modules/web/site/slot/config--authsettingsv2/README.md index ecd2214ba4..f2620b132c 100644 --- a/modules/web/site/slot/config--authsettingsv2/README.md +++ b/modules/web/site/slot/config--authsettingsv2/README.md 
@@ -19,28 +19,60 @@ This module deploys a Site Auth Settings V2 Configuration. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `authSettingV2Configuration` | object | | The auth settings V2 configuration. | -| `kind` | string | `[app, functionapp, functionapp,linux, functionapp,workflowapp, functionapp,workflowapp,linux]` | Type of slot to deploy. | -| `slotName` | string | | Slot name to be configured. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authSettingV2Configuration`](#parameter-authsettingv2configuration) | object | The auth settings V2 configuration. | +| [`kind`](#parameter-kind) | string | Type of slot to deploy. | +| [`slotName`](#parameter-slotname) | string | Slot name to be configured. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `appName` | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | +| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | + +### Parameter: `appName` + +The name of the parent site resource. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `authSettingV2Configuration` + +The auth settings V2 configuration. +- Required: Yes +- Type: object + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +Type of slot to deploy. +- Required: Yes +- Type: string +- Allowed: `[app, functionapp, functionapp,linux, functionapp,workflowapp, functionapp,workflowapp,linux]` + +### Parameter: `slotName` + +Slot name to be configured. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the slot config. | | `resourceGroupName` | string | The resource group the slot config was deployed into. | diff --git a/modules/web/site/slot/config--authsettingsv2/main.json b/modules/web/site/slot/config--authsettingsv2/main.json index 62d26661ff..bfdb1d3153 100644 --- a/modules/web/site/slot/config--authsettingsv2/main.json +++ b/modules/web/site/slot/config--authsettingsv2/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15013002348606979820" + "version": "0.22.6.54827", + "templateHash": "16157844933162881953" }, "name": "Site Slot Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", diff --git a/modules/web/site/slot/hybrid-connection-namespace/relay/README.md b/modules/web/site/slot/hybrid-connection-namespace/relay/README.md index f99bd3bde4..33b731809b 100644 --- a/modules/web/site/slot/hybrid-connection-namespace/relay/README.md +++ b/modules/web/site/slot/hybrid-connection-namespace/relay/README.md 
@@ -19,29 +19,68 @@ This module deploys a Site Slot Hybrid Connection Namespace Relay. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `hybridConnectionResourceId` | string | The resource ID of the relay namespace hybrid connection. | +| [`hybridConnectionResourceId`](#parameter-hybridconnectionresourceid) | string | The resource ID of the relay namespace hybrid connection. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `appName` | string | The name of the parent web site. Required if the template is used in a standalone deployment. | -| `slotName` | string | The name of the site slot. Required if the template is used in a standalone deployment. | +| [`appName`](#parameter-appname) | string | The name of the parent web site. Required if the template is used in a standalone deployment. | +| [`slotName`](#parameter-slotname) | string | The name of the site slot. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all Resources. | -| `sendKeyName` | string | `'defaultSender'` | Name of the authorization rule send key to use. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`sendKeyName`](#parameter-sendkeyname) | string | Name of the authorization rule send key to use. | + +### Parameter: `appName` + +The name of the parent web site. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hybridConnectionResourceId` + +The resource ID of the relay namespace hybrid connection. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `sendKeyName` + +Name of the authorization rule send key to use. +- Required: No +- Type: string +- Default: `'defaultSender'` + +### Parameter: `slotName` + +The name of the site slot. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the hybrid connection relay.. | | `resourceGroupName` | string | The name of the resource group the resource was deployed into. | diff --git a/modules/web/site/slot/hybrid-connection-namespace/relay/main.json b/modules/web/site/slot/hybrid-connection-namespace/relay/main.json index 5d0d08e41c..5381c3268e 100644 --- a/modules/web/site/slot/hybrid-connection-namespace/relay/main.json +++ b/modules/web/site/slot/hybrid-connection-namespace/relay/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1505854425120658866" + "version": "0.22.6.54827", + "templateHash": "11888981629758921842" }, "name": "Web/Function Apps Slot Hybrid Connection Relay", "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay.", diff --git a/modules/web/site/slot/main.json b/modules/web/site/slot/main.json index 6ba8505194..4e604fd935 100644 --- a/modules/web/site/slot/main.json +++ b/modules/web/site/slot/main.json 
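Review bot: the added `### Parameter: appName` and `### Parameter: slotName` blocks in `hybrid-connection-namespace/relay/README.md` both state `Required: Yes`, although the table in the same hunk lists them under **Conditional parameters** with "Required if the template is used in a standalone deployment." The `appName` blocks in the `config--appsettings` and `config--authsettingsv2` READMEs have the same mismatch. The per-parameter block should carry the category the table uses, for example a distinct `Conditional` value together with the condition, so that a reader who follows the anchor link does not conclude the parameter is always mandatory.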
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7597641242156251930" + "version": "0.22.6.54827", + "templateHash": "14108540523970367707" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -529,8 +529,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6824589216099571528" + "version": "0.22.6.54827", + "templateHash": "13223616826795830599" }, "name": "Site Slot App Settings", "description": "This module deploys a Site Slot App Setting.", @@ -683,8 +683,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15013002348606979820" + "version": "0.22.6.54827", + "templateHash": "16157844933162881953" }, "name": "Site Slot Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", @@ -816,8 +816,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1505854425120658866" + "version": "0.22.6.54827", + "templateHash": "11888981629758921842" }, "name": "Web/Function Apps Slot Hybrid Connection Relay", "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay.", @@ -956,8 +956,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18344556157010848654" + "version": "0.22.6.54827", + "templateHash": "12072533589555151999" } }, "parameters": { @@ -1094,8 +1094,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", 
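Review bot: every `_generator` block touched in `modules/web/site/slot/main.json` changes only `version` (`0.21.1.54444` to `0.22.6.54827`) and `templateHash`, so this compiled output is a Bicep compiler bump bundled with the README generator change. The nested hashes for the app settings, auth settings V2 and relay templates match the values in those modules' own `main.json` hunks, as expected, but the hunks at -956 and -1432 carry no `name`/`description` metadata and cannot be matched to a source module from the diff alone. Suggest naming the Bicep version used for the rebuild in the PR description and landing the regenerated `main.json` files as a separate commit, so the documentation changes can be reviewed without the hash noise.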
@@ -1294,8 +1294,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1432,8 +1432,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/web/static-site/.test/common/main.test.bicep b/modules/web/static-site/.test/common/main.test.bicep index 80bb39a5bd..914204e453 100644 --- a/modules/web/static-site/.test/common/main.test.bicep +++ b/modules/web/static-site/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/web/static-site/.test/min/main.test.bicep b/modules/web/static-site/.test/min/main.test.bicep index 6d9b73c2af..393f828b3a 100644 --- a/modules/web/static-site/.test/min/main.test.bicep +++ b/modules/web/static-site/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/web/static-site/README.md b/modules/web/static-site/README.md index 0e40acc22d..8e0bfb8865 100644 --- a/modules/web/static-site/README.md +++ b/modules/web/static-site/README.md 
@@ -5,10 +5,10 @@ This module deploys a Static Web App. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -23,76 +23,28 @@ This module deploys a Static Web App. | `Microsoft.Web/staticSites/customDomains` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/staticSites/customDomains) | | `Microsoft.Web/staticSites/linkedBackends` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/staticSites/linkedBackends) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the static site. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowConfigFileUpdates` | bool | `True` | | False if config file is locked for this static web app; otherwise, true. | -| `appSettings` | object | `{object}` | | Static site app settings. | -| `branch` | string | `''` | | The branch name of the GitHub repository. | -| `buildProperties` | object | `{object}` | | Build properties for the static site. | -| `customDomains` | array | `[]` | | The custom domains associated with this static site. The deployment will fail as long as the validation records are not present. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enterpriseGradeCdnStatus` | string | `'Disabled'` | `[Disabled, Disabling, Enabled, Enabling]` | State indicating the status of the enterprise grade CDN serving traffic to the static web app. | -| `functionAppSettings` | object | `{object}` | | Function app settings. | -| `linkedBackend` | _[linkedBackend](linked-backend/README.md)_ object | `{object}` | | Object with "resourceId" and "location" of the a user defined function app. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. 
| -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'sku' to be 'Standard'. | -| `provider` | string | `'None'` | | The provider that submitted the last deployment to the primary environment of the static site. | -| `repositoryToken` | securestring | `''` | | The Personal Access Token for accessing the GitHub repository. | -| `repositoryUrl` | string | `''` | | The name of the GitHub repository. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Free'` | `[Free, Standard]` | Type of static site to deploy. | -| `stagingEnvironmentPolicy` | string | `'Enabled'` | `[Disabled, Enabled]` | State indicating whether staging environments are allowed or not allowed for a static web app. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `templateProperties` | object | `{object}` | | Template Options for the static site. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. -## Outputs +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
-| Output Name | Type | Description | -| :-- | :-- | :-- | -| `defaultHostname` | string | The default autogenerated hostname for the static site. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the static site. | -| `resourceGroupName` | string | The resource group the static site was deployed into. | -| `resourceId` | string | The resource ID of the static site. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.static-site:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module staticSite './web/static-site/main.bicep' = { +module staticSite 'br:bicep/modules/web.static-site:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-wsscom' params: { // Required parameters @@ -256,14 +208,17 @@ module staticSite './web/static-site/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module staticSite './web/static-site/main.bicep' = { +module staticSite 'br:bicep/modules/web.static-site:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-wssmin' params: { // Required parameters @@ -300,3 +255,223 @@ module staticSite './web/static-site/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the static site. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowConfigFileUpdates`](#parameter-allowconfigfileupdates) | bool | False if config file is locked for this static web app; otherwise, true. | +| [`appSettings`](#parameter-appsettings) | object | Static site app settings. | +| [`branch`](#parameter-branch) | string | The branch name of the GitHub repository. | +| [`buildProperties`](#parameter-buildproperties) | object | Build properties for the static site. | +| [`customDomains`](#parameter-customdomains) | array | The custom domains associated with this static site. The deployment will fail as long as the validation records are not present. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enterpriseGradeCdnStatus`](#parameter-enterprisegradecdnstatus) | string | State indicating the status of the enterprise grade CDN serving traffic to the static web app. | +| [`functionAppSettings`](#parameter-functionappsettings) | object | Function app settings. | +| [`linkedBackend`](#parameter-linkedbackend) | object | Object with "resourceId" and "location" of the a user defined function app. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'sku' to be 'Standard'. | +| [`provider`](#parameter-provider) | string | The provider that submitted the last deployment to the primary environment of the static site. 
| +| [`repositoryToken`](#parameter-repositorytoken) | securestring | The Personal Access Token for accessing the GitHub repository. | +| [`repositoryUrl`](#parameter-repositoryurl) | string | The name of the GitHub repository. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | Type of static site to deploy. | +| [`stagingEnvironmentPolicy`](#parameter-stagingenvironmentpolicy) | string | State indicating whether staging environments are allowed or not allowed for a static web app. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`templateProperties`](#parameter-templateproperties) | object | Template Options for the static site. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `allowConfigFileUpdates` + +False if config file is locked for this static web app; otherwise, true. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `appSettings` + +Static site app settings. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `branch` + +The branch name of the GitHub repository. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `buildProperties` + +Build properties for the static site. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `customDomains` + +The custom domains associated with this static site. 
The deployment will fail as long as the validation records are not present. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enterpriseGradeCdnStatus` + +State indicating the status of the enterprise grade CDN serving traffic to the static web app. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Disabling, Enabled, Enabling]` + +### Parameter: `functionAppSettings` + +Function app settings. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `linkedBackend` + +Object with "resourceId" and "location" of the a user defined function app. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the static site. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'sku' to be 'Standard'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `provider` + +The provider that submitted the last deployment to the primary environment of the static site. +- Required: No +- Type: string +- Default: `'None'` + +### Parameter: `repositoryToken` + +The Personal Access Token for accessing the GitHub repository. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `repositoryUrl` + +The name of the GitHub repository. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +Type of static site to deploy. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Standard]` + +### Parameter: `stagingEnvironmentPolicy` + +State indicating whether staging environments are allowed or not allowed for a static web app. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `templateProperties` + +Template Options for the static site. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `defaultHostname` | string | The default autogenerated hostname for the static site. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the static site. | +| `resourceGroupName` | string | The resource group the static site was deployed into. | +| `resourceId` | string | The resource ID of the static site. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. 
| + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/web/static-site/config/README.md b/modules/web/static-site/config/README.md index ca28109abb..ac76bb3933 100644 --- a/modules/web/static-site/config/README.md +++ b/modules/web/static-site/config/README.md 
@@ -19,28 +19,61 @@ This module deploys a Static Web App Site Config. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `kind` | string | `[appsettings, functionappsettings]` | Type of settings to apply. | -| `properties` | object | | App settings. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-kind) | string | Type of settings to apply. | +| [`properties`](#parameter-properties) | object | App settings. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `staticSiteName` | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. | +| [`staticSiteName`](#parameter-staticsitename) | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +Type of settings to apply. +- Required: Yes +- Type: string +- Allowed: `[appsettings, functionappsettings]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `properties` + +App settings. 
+- Required: Yes +- Type: object + +### Parameter: `staticSiteName` + +The name of the parent Static Web App. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the config. | | `resourceGroupName` | string | The name of the resource group the config was created in. | diff --git a/modules/web/static-site/config/main.json b/modules/web/static-site/config/main.json index 117377cfd0..e063d1a3c3 100644 --- a/modules/web/static-site/config/main.json +++ b/modules/web/static-site/config/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5981963633647576119" + "version": "0.22.6.54827", + "templateHash": "8340850851413090940" }, "name": "Static Web App Site Config", "description": "This module deploys a Static Web App Site Config.", diff --git a/modules/web/static-site/custom-domain/README.md b/modules/web/static-site/custom-domain/README.md index cd8472bbfe..f5b55f3ad5 100644 --- a/modules/web/static-site/custom-domain/README.md +++ b/modules/web/static-site/custom-domain/README.md 
@@ -19,28 +19,61 @@ This module deploys a Static Web App Site Custom Domain. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The custom domain name. | +| [`name`](#parameter-name) | string | The custom domain name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `staticSiteName` | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. | +| [`staticSiteName`](#parameter-staticsitename) | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `validationMethod` | string | `'cname-delegation'` | Validation method for adding a custom domain. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`validationMethod`](#parameter-validationmethod) | string | Validation method for adding a custom domain. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The custom domain name. +- Required: Yes +- Type: string + +### Parameter: `staticSiteName` + +The name of the parent Static Web App. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `validationMethod` + +Validation method for adding a custom domain. +- Required: No +- Type: string +- Default: `'cname-delegation'` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the static site custom domain. | | `resourceGroupName` | string | The resource group the static site custom domain was deployed into. | diff --git a/modules/web/static-site/linked-backend/README.md b/modules/web/static-site/linked-backend/README.md index a29d9dbb30..c77db73a84 100644 --- a/modules/web/static-site/linked-backend/README.md +++ b/modules/web/static-site/linked-backend/README.md 
@@ -19,29 +19,69 @@ This module deploys a Custom Function App into a Static Web App Site using the L **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `backendResourceId` | string | The resource ID of the backend linked to the static site. | +| [`backendResourceId`](#parameter-backendresourceid) | string | The resource ID of the backend linked to the static site. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `staticSiteName` | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. | +| [`staticSiteName`](#parameter-staticsitename) | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `name` | string | `[uniqueString(parameters('backendResourceId'))]` | Name of the backend to link to the static site. | -| `region` | string | `[resourceGroup().location]` | The region of the backend linked to the static site. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`name`](#parameter-name) | string | Name of the backend to link to the static site. | +| [`region`](#parameter-region) | string | The region of the backend linked to the static site. | + +### Parameter: `backendResourceId` + +The resource ID of the backend linked to the static site. 
+- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the backend to link to the static site. +- Required: No +- Type: string +- Default: `[uniqueString(parameters('backendResourceId'))]` + +### Parameter: `region` + +The region of the backend linked to the static site. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `staticSiteName` + +The name of the parent Static Web App. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the static site linked backend. | | `resourceGroupName` | string | The resource group the static site linked backend was deployed into. | diff --git a/modules/web/static-site/linked-backend/main.json b/modules/web/static-site/linked-backend/main.json index daa994ad65..78a05690f0 100644 --- a/modules/web/static-site/linked-backend/main.json +++ b/modules/web/static-site/linked-backend/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7461352396319136343" + "version": "0.22.6.54827", + "templateHash": "13553590806488370796" }, "name": "Static Web App Site Linked Backends", "description": "This module deploys a Custom Function App into a Static Web App Site using the Linked Backends property.", diff --git a/utilities/pipelines/resourcePublish/Get-PrivateRegistryRepositoryName.ps1 b/utilities/pipelines/resourcePublish/Get-PrivateRegistryRepositoryName.ps1 index 1b4070c6a6..f877fdedfa 100644 
--- a/utilities/pipelines/resourcePublish/Get-PrivateRegistryRepositoryName.ps1 +++ b/utilities/pipelines/resourcePublish/Get-PrivateRegistryRepositoryName.ps1 @@ -33,7 +33,7 @@ function Get-PrivateRegistryRepositoryName { if ($UseApiSpecsAlignedName) { # Load helper script - . (Join-Path (Get-Item -Path $PSScriptRoot).Parent.Parent 'tools' 'helper' 'Get-SpecsAlignedResourceName.ps1') + . (Join-Path (Get-Item -Path $PSScriptRoot).Parent.Parent 'pipelines' 'sharedScripts' 'helper' 'Get-SpecsAlignedResourceName.ps1') $moduleIdentifier = Get-SpecsAlignedResourceName -ResourceIdentifier $moduleIdentifier } diff --git a/utilities/pipelines/resourcePublish/Get-TemplateSpecsName.ps1 b/utilities/pipelines/resourcePublish/Get-TemplateSpecsName.ps1 index 89777d6308..2ca2ebaba3 100644 --- a/utilities/pipelines/resourcePublish/Get-TemplateSpecsName.ps1 +++ b/utilities/pipelines/resourcePublish/Get-TemplateSpecsName.ps1 @@ -33,7 +33,7 @@ function Get-TemplateSpecsName { if ($UseApiSpecsAlignedName) { # Load helper script - . (Join-Path (Get-Item -Path $PSScriptRoot).Parent.Parent 'tools' 'helper' 'Get-SpecsAlignedResourceName.ps1') + . (Join-Path (Get-Item -Path $PSScriptRoot).Parent.Parent 'pipelines' 'sharedScripts' 'helper' 'Get-SpecsAlignedResourceName.ps1') $moduleIdentifier = Get-SpecsAlignedResourceName -ResourceIdentifier $moduleIdentifier $moduleIdentifier = $moduleIdentifier -replace 'microsoft', 'ms' } diff --git a/utilities/pipelines/resourcePublish/Get-UniversalArtifactsName.ps1 b/utilities/pipelines/resourcePublish/Get-UniversalArtifactsName.ps1 index 9cc29a5091..d394a8c5a6 100644 --- a/utilities/pipelines/resourcePublish/Get-UniversalArtifactsName.ps1 +++ b/utilities/pipelines/resourcePublish/Get-UniversalArtifactsName.ps1 
@@ -35,7 +35,7 @@ function Get-UniversalArtifactsName { if ($UseApiSpecsAlignedName) { # Load helper script - . (Join-Path (Get-Item -Path $PSScriptRoot).Parent.Parent 'tools' 'helper' 'Get-SpecsAlignedResourceName.ps1') + . (Join-Path (Get-Item -Path $PSScriptRoot).Parent.Parent 'pipelines' 'sharedScripts' 'helper' 'Get-SpecsAlignedResourceName.ps1') $universalPackageModuleName = Get-SpecsAlignedResourceName -ResourceIdentifier $universalPackageModuleName } diff --git a/utilities/pipelines/sharedScripts/Get-LocallyReferencedFileList.ps1 b/utilities/pipelines/sharedScripts/Get-LocallyReferencedFileList.ps1 index 87cd3f2e01..31b6c20a1b 100644 --- a/utilities/pipelines/sharedScripts/Get-LocallyReferencedFileList.ps1 +++ b/utilities/pipelines/sharedScripts/Get-LocallyReferencedFileList.ps1 @@ -9,6 +9,9 @@ That means if module A references module B, which references module C, then all .PARAMETER FilePath Mandatory. The path to the template to investigate. +.PARAMETER TemplateMap +Optional. The hashtable of templatePath-templateContent to search in. Can be provided to speed up runtime. + .EXAMPLE Get-LocallyReferencedFileList -FilePath 'C:/modules/key-vault/vault/main.bicep' 
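Review bot: The `.PARAMETER TemplateMap` help added to Get-LocallyReferencedFileList.ps1 says only "hashtable of templatePath-templateContent" and leaves both the key format and the value format undefined, although the function depends on both. The lookup is `$TemplateMap.Keys -contains $FilePath`, and the recursive calls pass paths produced by `Resolve-Path`, so a map keyed by relative or otherwise differently formatted paths never hits and the function silently falls back to `Get-Content`. The value is piped line by line into `$_ -match "^module .+ '(.+.bicep)' .+$"`, so it has to be the array of lines that `Get-Content` returns; a map filled with `Get-Content -Raw` strings would find no module references and return an incomplete list without any error. Please state both requirements in the parameter help and add an `.EXAMPLE` that passes `-TemplateMap`.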
@@ -18,19 +21,22 @@ function Get-LocallyReferencedFileList { [CmdletBinding()] param ( - [Parameter()] - [string] $FilePath + [Parameter(Mandatory = $true)] + [string] $FilePath, + + [Parameter(Mandatory = $false)] + [hashtable] $TemplateMap = @{} ) $resList = @() - $fileContent = Get-Content $FilePath + $fileContent = ($TemplateMap.Count -gt 0 -and $TemplateMap.Keys -contains $FilePath) ? $TemplateMap[$FilePath] : (Get-Content $FilePath) $resList += $fileContent | Where-Object { $_ -match "^module .+ '(.+.bicep)' .+$" } | ForEach-Object { (Resolve-Path (Join-Path (Split-Path $FilePath) $matches[1])).Path } if ($resList.Count -gt 0) { foreach ($containedFilePath in $resList) { - $resList += Get-LocallyReferencedFileList -FilePath $containedFilePath + $resList += Get-LocallyReferencedFileList -FilePath $containedFilePath -TemplateMap $TemplateMap } } diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/pipelines/sharedScripts/Set-ModuleReadMe.ps1 similarity index 78% rename from utilities/tools/Set-ModuleReadMe.ps1 rename to utilities/pipelines/sharedScripts/Set-ModuleReadMe.ps1 index fc1ca2f07c..3d24f83b64 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/pipelines/sharedScripts/Set-ModuleReadMe.ps1 @@ -1,5 +1,4 @@ #requires -version 7.3 -#requires -Modules powershell-yaml <# .SYNOPSIS @@ -44,9 +43,6 @@ function Set-ResourceTypesSection { [string[]] $ResourceTypesToExclude = @('Microsoft.Resources/deployments') ) - # Loading used functions - . (Join-Path (Split-Path $PSScriptRoot -Parent) 'pipelines' 'sharedScripts' 'Get-NestedResourceList.ps1') - # Process content $SectionContent = [System.Collections.ArrayList]@( '| Resource Type | API Version |', 
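Review bot: Removing the `# Loading used functions` dot-source of `Get-NestedResourceList.ps1` from `Set-ResourceTypesSection` (hunk `@@ -44,9 +43,6 @@`) leaves the dependency on that helper implicit. The old path could not stay as it was, since after the move to `utilities/pipelines/sharedScripts` the expression `(Split-Path $PSScriptRoot -Parent) 'pipelines' 'sharedScripts'` no longer points at the helper. If the function still calls `Get-NestedResourceList`, it now works only when the caller has loaded the helper first, and fails with a command-not-found error when this script is dot-sourced on its own. Either load the helper relative to the new location, for example `. (Join-Path $PSScriptRoot 'Get-NestedResourceList.ps1')`, or document in the comment-based help which functions the caller must provide.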
@@ -88,7 +84,7 @@ function Set-ResourceTypesSection { # Build result if ($PSCmdlet.ShouldProcess('Original file with new resource type content', 'Merge')) { - $updatedFileContent = Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $SectionContent -SectionStartIdentifier $SectionStartIdentifier -contentType 'table' + $updatedFileContent = Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $SectionContent -SectionStartIdentifier $SectionStartIdentifier -contentType 'nextH2' } return $updatedFileContent } @@ -141,6 +137,18 @@ function Set-ParametersSection { [string[]] $ColumnsInOrder = @('Required', 'Conditional', 'Optional', 'Generated') ) + # Collect sources for parameter usage section + $parameterUsageContentMap = @{} + if (Test-Path (Join-Path $PSScriptRoot 'moduleReadMeSource')) { + if ($resourceUsageSourceFiles = Get-ChildItem (Join-Path $PSScriptRoot 'moduleReadMeSource') -Recurse -Filter 'resourceUsage-*') { + foreach ($sourceFile in $resourceUsageSourceFiles.FullName) { + $parameterName = (Split-Path $sourceFile -LeafBase).Replace('resourceUsage-', '') + + $parameterUsageContentMap[$parameterName] = Get-Content $sourceFile -Raw + } + } + } + # Get all descriptions $descriptions = $TemplateFileContent.parameters.Values.metadata.description 
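Review bot: In the new "Collect sources for parameter usage section" block of `Set-ParametersSection`, the parameter name is derived with `(Split-Path $sourceFile -LeafBase).Replace('resourceUsage-', '')`, which removes every occurrence of that string and is case-sensitive, so it is looser than the prefix match the `-Filter 'resourceUsage-*'` implies. Stripping only the leading prefix (for example with `-replace '^resourceUsage-', ''`) would make the key derivation match the filter. The block also runs `Get-ChildItem -Recurse` and `Get-Content -Raw` on every call, so a recursive run over many modules re-reads the same `moduleReadMeSource` files each time; consider building the map once in the caller and passing it in, as this change already does with `TemplateMap` for `Get-LocallyReferencedFileList`. Finally, the assignment inside `if ($resourceUsageSourceFiles = Get-ChildItem ...)` reads like a mistyped comparison; assigning first and testing the result on the next line would be clearer.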
@@ -152,14 +160,12 @@ function Set-ParametersSection { # Add all others that exist but are not specified in the columnsInOrder parameter $sortedParamCategories += $paramCategories | Where-Object { $ColumnsInOrder -notcontains $_ } - # Collect file information - $currentLevelFolders = Get-ChildItem -Path $currentFolderPath -Directory -Depth 0 - $folderNames = ($null -ne $currentLevelFolders) ? ($currentLevelFolders.FullName | ForEach-Object { Split-Path $_ -Leaf }) : @() - # Add name as property for later reference $TemplateFileContent.parameters.Keys | ForEach-Object { $TemplateFileContent.parameters[$_]['name'] = $_ } $newSectionContent = [System.Collections.ArrayList]@() + $parameterList = @{} + # Create parameter blocks foreach ($category in $sortedParamCategories) { @@ -167,66 +173,191 @@ function Set-ParametersSection { # Filter to relevant items [array] $categoryParameters = $TemplateFileContent.parameters.Values | Where-Object { $_.metadata.description -like "$category. *" } | Sort-Object -Property 'Name' -Culture 'en-US' - # Check properties for later reference - $hasDefault = $categoryParameters.defaultValue.count -gt 0 - $hasAllowed = $categoryParameters.allowedValues.count -gt 0 - - # 2. Create header including optional columns + # 2. Create header including optional columns & initiate the parameter list $newSectionContent += @( ('**{0} parameters**' -f $category), '', - ('| Parameter Name | Type | {0}{1}Description |' -f ($hasDefault ? 'Default Value | ' : ''), ($hasAllowed ? 'Allowed Values | ' : '')), - ('| :-- | :-- | {0}{1}:-- |' -f ($hasDefault ? ':-- | ' : ''), ($hasAllowed ? ':-- | ' : '')) + '| Parameter | Type | Description |', + '| :-- | :-- | :-- |' ) # 3. Add individual parameters foreach ($parameter in $categoryParameters) { - - # Convert parameter name to kebab-case, as that would be the correspondent child module folder to refer to - # (?').Replace("`n", '

') - $allowedValue = ($parameter.allowedValues -is [array]) ? ('[{0}]' -f (($parameter.allowedValues | Sort-Object) -join ', ')) : (($parameter.allowedValues -is [hashtable]) ? '{object}' : $parameter.allowedValues) + $allowedValues = ($rawAllowedValues -is [array]) ? ('[{0}]' -f (($rawAllowedValues | Sort-Object) -join ', ')) : (($rawAllowedValues -is [hashtable]) ? '{object}' : $rawAllowedValues) # Further, replace all "empty string" default values with actual visible quotes - if ([regex]::Match($allowedValue, '^(\[\s*,.+)|(\[.+,\s*,)|(.+,\s*\])$').Captures.Count -gt 0) { - $allowedValue = $allowedValue -replace '\[\s*,', "[''," -replace ',\s*,', ", ''," -replace ',\s*\]', ", '']" + if ([regex]::Match($allowedValues, '^(\[\s*,.+)|(\[.+,\s*,)|(.+,\s*\])$').Captures.Count -gt 0) { + $allowedValues = $allowedValues -replace '\[\s*,', "[''," -replace ',\s*,', ", ''," -replace ',\s*\]', ", '']" } # Update parameter table content based on parameter category ## Remove category from parameter description $description = $description.substring("$category. ".Length) - $defaultValueColumnValue = ($hasDefault ? (-not [String]::IsNullOrEmpty($defaultValue) ? "``$defaultValue`` | " : ' | ') : '') - $allowedValueColumnValue = ($hasAllowed ? (-not [String]::IsNullOrEmpty($allowedValue) ? "``$allowedValue`` | " : ' | ') : '') - $newSectionContent += ('| `{0}` | {1} | {2}{3}{4} |' -f $parameter.name, $type, $defaultValueColumnValue, $allowedValueColumnValue, $description) + $newSectionContent += ('| [`{0}`]({1}) | {2} | {3} |' -f $parameter.name, $paramIdentifier, $type, $description) + + $parameterList += @{ + $paramIdentifier = @( + $paramHeader, + '', + $description, + ('- Required: {0}' -f ($isRequired ? 'Yes' : 'No')), + ('- Type: {0}' -f $type), + ((-not [String]::IsNullOrEmpty($defaultValue)) ? ('- Default: `{0}`' -f $defaultValue) : $null), + ((-not [String]::IsNullOrEmpty($allowedValues)) ? 
('- Allowed: `{0}`' -f $allowedValues) : $null), + '', + (($parameterUsageContentMap.Keys -contains $parameter.name) ? $parameterUsageContentMap[$parameter.name] : $null) + ) | Where-Object { $null -ne $_ } + } + + if (($parameter.Keys -contains '$ref') -or ($parameter.Keys -contains 'items' -and $parameter.items.Keys -contains '$ref')) { + # Has a user-defined type + $identifier = ($parameter.Keys -contains '$ref') ? (Split-Path $parameter.'$ref' -Leaf) : (Split-Path $parameter.items.'$ref' -Leaf) + $definition = $TemplateFileContent.definitions[$identifier] + $properties = ($definition.Keys -contains 'items' ? $definition['items']['properties'] : $definition['properties']) + $parameterList[$paramIdentifier] += Set-DefinitionSection -TemplateFileContent $TemplateFileContent -Properties $properties -ParentName $parameter.name -ParentIdentifierLink $paramIdentifier + } } $newSectionContent += '' } + $sortedFlatParamList = [System.Collections.ArrayList]@() + foreach ($key in ($parameterList.Keys | Sort-Object)) { + $sortedFlatParamList += $parameterList[$key] + } + $newSectionContent += $sortedFlatParamList + # Build result if ($PSCmdlet.ShouldProcess('Original file with new parameters content', 'Merge')) { - $updatedFileContent = Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $newSectionContent -SectionStartIdentifier $SectionStartIdentifier -contentType 'none' + $updatedFileContent = Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $newSectionContent -SectionStartIdentifier $SectionStartIdentifier -contentType 'nextH2' } return $updatedFileContent } +<# +.SYNOPSIS +Update parts of the 'parameters' section of the given readme file, if user defined types are used + +.DESCRIPTION +Adds user defined types to the 'parameters' section of the given readme file + +.PARAMETER TemplateFileContent +Mandatory. The template file content object to crawl data from + +.PARAMETER Properties +Mandatory. 
Hashtable of the user defined properties + +.PARAMETER ParentName +Mandatory. Name of the parameter, that has the user defined types + +.PARAMETER ParentIdentifierLink +Mandatory. Link of the parameter, that has the user defined types + +.EXAMPLE +Set-DefinitionSection -TemplateFileContent @{ resource = @{}; ... } -Properties @{ resource = @{}; ... } -ParentName 'diagnosticSettings' -ParentIdentifierLink '#parameter-diagnosticsettings' + +.NOTES +The function is recursive and will also output grand, great grand children, ... . +#> +function Set-DefinitionSection { + param ( + [Parameter(Mandatory)] + [hashtable] $TemplateFileContent, + + [Parameter(Mandatory)] + [hashtable] $Properties, + + [Parameter(Mandatory)] + [string] $ParentName, + + [Parameter(Mandatory)] + [string] $ParentIdentifierLink + ) + $newSectionContent = @( + '', + '| Name | Required | Type | Description |', + '| :-- | :-- | :--| :-- |' + ) + $tableSectionContent = [System.Collections.ArrayList]@() + $listSectionContent = [System.Collections.ArrayList]@() + + foreach ($parameterName in $Properties.Keys | Sort-Object) { + $parameterValue = $Properties[$parameterName] + $paramIdentifier = '{0}.{1}' -f $ParentName, $parameterName + $paramIdentifierLink = ('{0}{1}' -f $ParentIdentifierLink, $parameterName).ToLower() + + # definition type (if any) + if ($parameterValue.Keys -contains '$ref') { + $definition = $TemplateFileContent.definitions[(Split-Path $parameterValue.'$ref' -Leaf)] + } else { + $definition = $null + } + + $isRequired = (Get-IsParameterRequired -TemplateFileContent $TemplateFileContent -Parameter $parameterValue) ? 'Yes' : 'No' + $type = ($parameterValue.Keys -contains '$ref') ? $definition.type : $parameterValue['type'] + $description = $parameterValue.ContainsKey('metadata') ? 
$parameterValue['metadata']['description'] : $null + + # build table for definition properties + $tableSectionContent += ('| [`{0}`]({1}) | {2} | {3} | {4} |' -f $parameterName, $paramIdentifierLink, $isRequired, $type, $description) + $allowedValues = ($parameterValue.ContainsKey('allowedValues')) ? (($parameterValue['allowedValues'] -is [array]) ? ('[{0}]' -f (($parameterValue['allowedValues'] | Sort-Object) -join ', ')) : (($parameterValue['allowedValues'] -is [hashtable]) ? '{object}' : $parameterValue['allowedValues'])) : $null + + #build flat list for definition properties + $listSectionContent += @( + '', + ('### Parameter: `{0}`' -f $paramIdentifier), + ($parameterValue.ContainsKey('metadata') ? '' : $null), + ($parameterValue.ContainsKey('metadata') ? $parameterValue['metadata']['description'] : $null), + ($parameterValue.ContainsKey('metadata') ? '' : $null), + ('- Required: {0}' -f $isRequired), + ('- Type: {0}' -f $type), + (($null -ne $allowedValues) ? ('- Allowed: `{0}`' -f $allowedValues) : $null) + ) | Where-Object { $null -ne $_ } + + #recursive call for children + if ($parameterValue.ContainsKey('items') -and $parameterValue['items'].ContainsKey('properties')) { + $childProperties = $parameterValue['items']['properties'] + $listSectionContent += Set-DefinitionSection -TemplateFileContent $TemplateFileContent -Properties $childProperties -ParentName $paramIdentifier -ParentIdentifierLink $paramIdentifierLink + } + } + + $newSectionContent += $tableSectionContent + $newSectionContent += $listSectionContent + $newSectionContent += '' + + return $newSectionContent +} + <# .SYNOPSIS Update the 'outputs' section of the given readme file 
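Review bot: in the user-defined-type branch of `Set-ParametersSection`, `$properties` is passed to `Set-DefinitionSection` unchecked, but `-Properties` is declared as a mandatory `[hashtable]`. If `$TemplateFileContent.definitions[$identifier]` does not resolve, or the definition has no `properties` key (for example a type that is not an object), `$properties` is `$null` and parameter binding fails for the whole README run. Guard the call with a null check on `$definition` and `$properties`. Inside `Set-DefinitionSection`, `$definition` is only used to read `type` and the recursion follows `items.properties` only, so a property that is itself a `$ref` or a plain object with `properties` is listed in the table but never expanded, which does not match the .NOTES statement about grandchildren. Either handle those cases or narrow the help text.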
@@ -267,7 +398,7 @@ function Set-OutputsSection { if ($TemplateFileContent.outputs.Values.metadata) { # Template has output descriptions $SectionContent = [System.Collections.ArrayList]@( - '| Output Name | Type | Description |', + '| Output | Type | Description |', '| :-- | :-- | :-- |' ) foreach ($outputName in ($templateFileContent.outputs.Keys | Sort-Object -Culture 'en-US')) { @@ -277,7 +408,7 @@ function Set-OutputsSection { } } else { $SectionContent = [System.Collections.ArrayList]@( - '| Output Name | Type |', + '| Output | Type |', '| :-- | :-- |' ) foreach ($outputName in ($templateFileContent.outputs.Keys | Sort-Object -Culture 'en-US')) { @@ -288,7 +419,7 @@ function Set-OutputsSection { # Build result if ($PSCmdlet.ShouldProcess('Original file with new output content', 'Merge')) { - $updatedFileContent = Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $SectionContent -SectionStartIdentifier $SectionStartIdentifier -contentType 'table' + $updatedFileContent = Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $SectionContent -SectionStartIdentifier $SectionStartIdentifier -contentType 'nextH2' } return $updatedFileContent } 
@@ -315,8 +446,11 @@ Mandatory. The readme file content array to update .PARAMETER SectionStartIdentifier Optional. The identifier of the 'outputs' section. Defaults to '## Cross-referenced modules' +.PARAMETER CrossReferencedModuleList +Required. The Cross Module References to consider when refreshing the readme. + .EXAMPLE -Set-CrossReferencesSection -ModuleRoot 'C:/key-vault/vault' -FullModuleIdentifier 'key-vault/vault' -TemplateFileContent @{ resource = @{}; ... } -ReadMeFileContent @('# Title', '', '## Section 1', ...) +Set-CrossReferencesSection -ModuleRoot 'C:/key-vault/vault' -FullModuleIdentifier 'key-vault/vault' -TemplateFileContent @{ resource = @{}; ... } -ReadMeFileContent @('# Title', '', '## Section 1', ...) -CrossReferencedModuleList @{} Update the given readme file's 'Cross-referenced modules' section based on the given template file content #> function Set-CrossReferencesSection { @@ -335,12 +469,13 @@ function Set-CrossReferencesSection { [Parameter(Mandatory)] [object[]] $ReadMeFileContent, + [Parameter(Mandatory)] + [hashtable] $CrossReferencedModuleList, + [Parameter(Mandatory = $false)] [string] $SectionStartIdentifier = '## Cross-referenced modules' ) - . (Join-Path (Split-Path $PSScriptRoot -Parent) 'tools' 'Get-CrossReferencedModuleList.ps1') - # Process content $SectionContent = [System.Collections.ArrayList]@( 'This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).', 
@@ -349,7 +484,7 @@ function Set-CrossReferencesSection { '| :-- | :-- |' ) - $dependencies = (Get-CrossReferencedModuleList)[$FullModuleIdentifier] + $dependencies = $CrossReferencedModuleList[$FullModuleIdentifier] if ($dependencies.Keys -contains 'localPathReferences' -and $dependencies['localPathReferences']) { foreach ($reference in ($dependencies['localPathReferences'] | Sort-Object)) { @@ -371,7 +506,7 @@ function Set-CrossReferencesSection { # Build result if ($PSCmdlet.ShouldProcess('Original file with new output content', 'Merge')) { - $updatedFileContent = Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $SectionContent -SectionStartIdentifier $SectionStartIdentifier -contentType 'none' + $updatedFileContent = Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $SectionContent -SectionStartIdentifier $SectionStartIdentifier -contentType 'nextH2' } return $updatedFileContent } @@ -834,7 +969,7 @@ function ConvertTo-FormattedBicep { $splitInputObject = @{ BicepParams = $bicepParams RequiredParametersList = $RequiredParametersList - AllParametersList = $JSONParameters.psbase.Keys + AllParametersList = $JSONParameters.psBase.Keys } $commentedBicepParams = Add-BicepParameterTypeComment @splitInputObject 
@@ -843,10 +978,60 @@ function ConvertTo-FormattedBicep { <# .SYNOPSIS -Generate 'Deployment examples' for the ReadMe out of the parameter files currently used to test the template +Based on the provided parameter metadata, determine whether the parameter is required or not + +.DESCRIPTION +Based on the provided parameter metadata, determine whether the parameter is required or not + +.PARAMETER Parameter +The parameter metadata to analyze. + +For example: @{ + type = 'string' + metadata = @{ + description = 'Required. The name of the Public IP Address.' + } +} + +.PARAMETER TemplateFileContent +Mandatory. The template file content object to crawl data from. + +.EXAMPLE +Get-IsParameterRequired -TemplateFileContent @{ resource = @{}; ... } -Parameter @{ type = 'string'; metadata = @{ description = 'Required. The name of the Public IP Address.' } } + +Check the given parameter whether it is required. Would result into true. +#> +function Get-IsParameterRequired { + + [CmdletBinding()] + param ( + [Parameter(Mandatory = $true)] + [hashtable] $Parameter, + + [Parameter(Mandatory)] + [hashtable] $TemplateFileContent + ) + + $hasParameterNoDefault = $Parameter.Keys -notcontains 'defaultValue' + $isParameterNullable = $Parameter['nullable'] + # User defined type + $isUserDefinedType = $Parameter.Keys -contains '$ref' + $isUserDefinedTypeNullable = $Parameter.Keys -contains '$ref' ? 
$TemplateFileContent.definitions[(Split-Path $Parameter.'$ref' -Leaf)]['nullable'] : $false + + # Evaluation + # The parameter is required IF it + # - has no default value, + # - is not nullable + # - has no nullable user-defined type + return $hasParameterNoDefault -and -not $isParameterNullable -and -not ($isUserDefinedType -and $isUserDefinedTypeNullable) +} + +<# +.SYNOPSIS +Generate 'Usage examples' for the ReadMe out of the parameter files currently used to test the template .DESCRIPTION -Generate 'Deployment examples' for the ReadMe out of the parameter files currently used to test the template +Generate 'Usage examples' for the ReadMe out of the parameter files currently used to test the template .PARAMETER ModuleRoot Mandatory. The file path to the module's root 
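Review bot: in `Get-IsParameterRequired`, `$TemplateFileContent.definitions[(Split-Path $Parameter.'$ref' -Leaf)]['nullable']` indexes the lookup result directly, so a `$ref` that does not resolve to an entry in `definitions` fails with a null-index error instead of producing an answer. Resolve the definition into a variable first, then either treat a missing definition as not nullable or throw with the parameter name so the broken reference is easy to find. The `.PARAMETER Parameter` help text is also missing the `Mandatory.` prefix that `TemplateFileContent` carries.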
@@ -861,20 +1046,20 @@ Mandatory. The template file content object to crawl data from Mandatory. The readme file content array to update .PARAMETER SectionStartIdentifier -Optional. The identifier of the 'outputs' section. Defaults to '## Deployment examples' +Optional. The identifier of the 'outputs' section. Defaults to '## Usage examples' .PARAMETER addJson Optional. A switch to control whether or not to add a ARM-JSON-Parameter file example. Defaults to true. .PARAMETER addBicep -Optional. A switch to control whether or not to add a Bicep deployment example. Defaults to true. +Optional. A switch to control whether or not to add a Bicep usage example. Defaults to true. .EXAMPLE -Set-DeploymentExamplesSection -ModuleRoot 'C:/key-vault/vault' -FullModuleIdentifier 'key-vault/vault' -TemplateFileContent @{ resource = @{}; ... } -ReadMeFileContent @('# Title', '', '## Section 1', ...) +Set-UsageExamplesSection -ModuleRoot 'C:/key-vault/vault' -FullModuleIdentifier 'key-vault/vault' -TemplateFileContent @{ resource = @{}; ... } -ReadMeFileContent @('# Title', '', '## Section 1', ...) -Update the given readme file's 'Deployment Examples' section based on the given template file content +Update the given readme file's 'Usage Examples' section based on the given template file content #> -function Set-DeploymentExamplesSection { +function Set-UsageExamplesSection { [CmdletBinding(SupportsShouldProcess)] param ( 
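Review bot: the `.PARAMETER SectionStartIdentifier` help still reads "The identifier of the 'outputs' section" although the default is now `'## Usage examples'`; the wording looks carried over from `Set-OutputsSection`. Since the line is being touched anyway, change it to name the 'Usage examples' section. The `Set-CrossReferencesSection` help has the same leftover wording.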
@@ -897,18 +1082,22 @@ function Set-DeploymentExamplesSection { [bool] $addBicep = $true, [Parameter(Mandatory = $false)] - [string] $SectionStartIdentifier = '## Deployment examples' + [string] $SectionStartIdentifier = '## Usage examples' ) # Load used function(s) - . (Join-Path (Split-Path $PSScriptRoot -Parent) 'pipelines' 'sharedScripts' 'Get-ModuleTestFileList.ps1') + . (Join-Path $PSScriptRoot 'Get-ModuleTestFileList.ps1') + . (Join-Path (Split-Path $PSScriptRoot -Parent) 'resourcePublish' 'Get-PrivateRegistryRepositoryName.ps1') + + $brLink = Get-PrivateRegistryRepositoryName -TemplateFilePath $TemplateFilePath # Process content $SectionContent = [System.Collections.ArrayList]@( - 'The following module usage examples are retrieved from the content of the files hosted in the module''s `.test` folder.', - ' >**Note**: The name of each example is based on the name of the file from which it is taken.', + "The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.", + '', + '>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.', '', - ' >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.', + ('>**Note**: To reference the module, please use the following syntax `br:{0}:1.0.0`.' -f $brLink), '' ) 
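Review bot: `$brLink = Get-PrivateRegistryRepositoryName -TemplateFilePath $TemplateFilePath` reads `$TemplateFilePath`, which is not among the values splatted into `Set-UsageExamplesSection` at the call site in `Set-ModuleReadMe` (`ModuleRoot`, `FullModuleIdentifier`, `ReadMeFileContent`, `TemplateFileContent`) and is not documented in the function's help. From the lines shown it resolves only through the caller's scope, so invoking the function directly as the `.EXAMPLE` does would pass an empty path. Declare `TemplateFilePath` as a mandatory parameter, document it, and pass it from `Set-ModuleReadMe`.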
@@ -934,29 +1123,54 @@ function Set-DeploymentExamplesSection { } $testFilePaths = Get-ModuleTestFileList -ModulePath $moduleRoot | ForEach-Object { Join-Path $moduleRoot $_ } - $RequiredParametersList = $TemplateFileContent.parameters.Keys | Where-Object { $TemplateFileContent.parameters[$_].Keys -notcontains 'defaultValue' } | Sort-Object + + $RequiredParametersList = $TemplateFileContent.parameters.Keys | Where-Object { + Get-IsParameterRequired -TemplateFileContent $TemplateFileContent -Parameter $TemplateFileContent.parameters[$_] + } | Sort-Object ############################ ## Process test files ## ############################ $pathIndex = 1 + $usageExampleSectionHeaders = @() + $testFilesContent = @() foreach ($testFilePath in $testFilePaths) { # Read content $rawContentArray = Get-Content -Path $testFilePath + $compiledTestFileContent = bicep build $testFilePath --stdout | ConvertFrom-Json -AsHashtable $rawContent = Get-Content -Path $testFilePath -Encoding 'utf8' | Out-String # Format example header - if ((Split-Path (Split-Path $testFilePath -Parent) -Leaf) -ne '.test') { - $exampleTitle = Split-Path (Split-Path $testFilePath -Parent) -Leaf + if ($compiledTestFileContent.metadata.Keys -contains 'name') { + $exampleTitle = $compiledTestFileContent.metadata.name } else { - $exampleTitle = ((Split-Path $testFilePath -LeafBase) -replace '\.', ' ') -replace ' parameters', '' + if ((Split-Path (Split-Path $testFilePath -Parent) -Leaf) -ne '.test') { + $exampleTitle = Split-Path (Split-Path $testFilePath -Parent) -Leaf + } else { + $exampleTitle = ((Split-Path $testFilePath -LeafBase) -replace '\.', ' ') -replace ' parameters', '' + } + $textInfo = (Get-Culture -Name 'en-US').TextInfo + $exampleTitle = $textInfo.ToTitleCase($exampleTitle) } - $textInfo = (Get-Culture -Name 'en-US').TextInfo - $exampleTitle = $textInfo.ToTitleCase($exampleTitle) - $SectionContent += @( - '

Example {0}: {1}

' -f $pathIndex, $exampleTitle + + $fullTestFileTitle = '### Example {0}: _{1}_' -f $pathIndex, $exampleTitle + $testFilesContent += @( + $fullTestFileTitle ) + $usageExampleSectionHeaders += @{ + title = $exampleTitle + header = $fullTestFileTitle + } + + # If a description is added in the template's metadata, we can add it too + if ($compiledTestFileContent.metadata.Keys -contains 'description') { + $testFilesContent += @( + '', + $compiledTestFileContent.metadata.description, + '' + ) + } ## ----------------------------------- ## ## Handle by type (Bicep vs. JSON) ## @@ -977,7 +1191,6 @@ function Set-DeploymentExamplesSection { $rawBicepExample = $rawContentArray[$bicepTestStartIndex..$bicepTestEndIndex] - # In case a loop was used for the test if ($rawBicepExample[-1] -eq '}]') { $rawBicepExample[-1] = '}' } @@ -989,12 +1202,12 @@ function Set-DeploymentExamplesSection { $rawBicepExampleString = $rawBicepExampleString -replace '\$\{serviceShort\}', $serviceShort $rawBicepExampleString = $rawBicepExampleString -replace '\$\{namePrefix\}[-|\.|_]?', '' # Replacing with empty to not expose prefix and avoid potential deployment conflicts $rawBicepExampleString = $rawBicepExampleString -replace '(?m):\s*location\s*$', ': ''''' + $rawBicepExampleString = $rawBicepExampleString -replace '-\$\{iteration\}', '' # [3/6] Format header, remove scope property & any empty line $rawBicepExample = $rawBicepExampleString -split '\n' - $rawBicepExample[0] = "module $moduleNameCamelCase './$fullModuleIdentifier/main.bicep' = {" + $rawBicepExample[0] = "module $moduleNameCamelCase 'br:$($brLink):1.0.0' = {" $rawBicepExample = $rawBicepExample | Where-Object { $_ -notmatch 'scope: *' } | Where-Object { -not [String]::IsNullOrEmpty($_) } - # [4/6] Extract param block $rawBicepExampleArray = $rawBicepExample -split '\n' $moduleDeploymentPropertyIndent = ([regex]::Match($rawBicepExampleArray[1], '^(\s+).*')).Captures.Groups[1].Value.Length 
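Review bot: the rewritten module header `'br:$($brLink):1.0.0'` hard-codes the version tag, so every generated example references `1.0.0` regardless of which version of the module is actually published; the note text added to `$SectionContent` repeats the same literal. Take the version from a parameter or from the module's version metadata, or emit a clearly marked placeholder. The new `-replace '-\$\{iteration\}', ''` line also has no comment, unlike the `namePrefix` replacement above it; a short remark on why the suffix is stripped would help the next reader.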
@@ -1049,7 +1262,7 @@ function Set-DeploymentExamplesSection { } # Build result - $SectionContent += @( + $testFilesContent += @( '', '
' '' @@ -1077,7 +1290,7 @@ function Set-DeploymentExamplesSection { $orderedJSONExample = Build-OrderedJSONObject @orderingInputObject # [2/2] Create the final content block - $SectionContent += @( + $testFilesContent += @( '', '
' '' @@ -1121,7 +1334,7 @@ function Set-DeploymentExamplesSection { # e.g. "[format('{0}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('{0}-paramNested', uniqueString(deployment().name, parameters('location')))), '2020-10-01').outputs.managedIdentityResourceId.value)]": {} $expectedValue = $matches[1] } elseif ($row -match '\[.*reference\(extensionResourceId.+\.([a-zA-Z]+).*\].*"') { - # e.g. "[reference(extensionResourceId(managementGroup().id, 'Microsoft.Authorization/policySetDefinitions', format('dep-[[namePrefix]]-polSet-{0}', parameters('serviceShort'))), '2021-06-01').policyDefinitions[0].policyDefinitionReferenceId]" + # e.g. "[reference(extensionResourceId(managementGroup().id, 'Microsoft.Authorization/policySetDefinitions', format('dep-#_namePrefix_#-polSet-{0}', parameters('serviceShort'))), '2021-06-01').policyDefinitions[0].policyDefinitionReferenceId]" $expectedValue = $matches[1] } else { throw "Unhandled case [$row] in file [$testFilePath]" @@ -1138,7 +1351,7 @@ function Set-DeploymentExamplesSection { if ($jsonParameterContentArray[$index] -match '(\s*"value"): "\[.+\]"') { # e.g. # "policyAssignmentId": { - # "value": "[extensionResourceId(managementGroup().id, 'Microsoft.Authorization/policyAssignments', format('dep-[[namePrefix]]-psa-{0}', parameters('serviceShort')))]" + # "value": "[extensionResourceId(managementGroup().id, 'Microsoft.Authorization/policyAssignments', format('dep-#_namePrefix_#-psa-{0}', parameters('serviceShort')))]" $prefix = $matches[1] $headerIndex = $index 
@@ -1156,7 +1369,7 @@ function Set-DeploymentExamplesSection { # e.g. # "policyDefinitionReferenceIds": { # "value": [ - # "[reference(subscriptionResourceId('Microsoft.Authorization/policySetDefinitions', format('dep-[[namePrefix]]-polSet-{0}', parameters('serviceShort'))), '2021-06-01').policyDefinitions[0].policyDefinitionReferenceId]" + # "[reference(subscriptionResourceId('Microsoft.Authorization/policySetDefinitions', format('dep-#_namePrefix_#-polSet-{0}', parameters('serviceShort'))), '2021-06-01').policyDefinitions[0].policyDefinitionReferenceId]" $prefix = $matches[1] $headerIndex = $index @@ -1238,7 +1451,7 @@ function Set-DeploymentExamplesSection { # - the 'existing' Key Vault resources # - a 'module' header that mimics a module deployment # - all parameters in Bicep format - $SectionContent += @( + $testFilesContent += @( '', '
' '' @@ -1272,7 +1485,7 @@ function Set-DeploymentExamplesSection { $orderedJSONExample = Build-OrderedJSONObject @orderingInputObject # [2/2] Create the final content block - $SectionContent += @( + $testFilesContent += @( '', '
', '', @@ -1288,19 +1501,28 @@ function Set-DeploymentExamplesSection { } } - $SectionContent += @( + $testFilesContent += @( '' ) $pathIndex++ } + foreach ($rawHeader in $usageExampleSectionHeaders) { + $navigationHeader = (($rawHeader.header -replace '<\/?.+?>|[^A-Za-z0-9\s-]').Trim() -replace '\s+', '-').ToLower() # Remove any html and non-identifer elements + $SectionContent += '- [{0}](#{1})' -f $rawHeader.title, $navigationHeader + } + $SectionContent += '' + + + $SectionContent += $testFilesContent + ###################### ## Built result ## ###################### if ($SectionContent) { if ($PSCmdlet.ShouldProcess('Original file with new template references content', 'Merge')) { - return Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $SectionContent -SectionStartIdentifier $SectionStartIdentifier + return Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $SectionContent -SectionStartIdentifier $SectionStartIdentifier -ContentType 'nextH2' } } else { return $ReadMeFileContent @@ -1357,8 +1579,8 @@ function Set-TableOfContent { } # Build result - if ($PSCmdlet.ShouldProcess('Original file with new parameters content', 'Merge')) { - $updatedFileContent = Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $newSectionContent -SectionStartIdentifier $SectionStartIdentifier -contentType 'none' + if ($PSCmdlet.ShouldProcess('Original file with new navigation content', 'Merge')) { + $updatedFileContent = Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $newSectionContent -SectionStartIdentifier $SectionStartIdentifier -contentType 'nextH2' } return $updatedFileContent 
@@ -1369,8 +1591,7 @@ function Set-TableOfContent { Initialize the readme file .DESCRIPTION -If no readme file exists, the initial content is generated (e.g., the skeleton of the section headers). -If a readme file does exist, its title and description are updated with whatever is documented as metadata in the template file. +Create the initial skeleton of the section headers, name & description. .PARAMETER ReadMeFilePath Required. The path to the readme file to initialize. @@ -1401,12 +1622,12 @@ function Initialize-ReadMe { ) . (Join-Path $PSScriptRoot 'helper' 'Get-SpecsAlignedResourceName.ps1') - . (Join-Path (Split-Path $PSScriptRoot -Parent) 'pipelines' 'sharedScripts' 'Get-NestedResourceList.ps1') - + . (Join-Path $PSScriptRoot 'Get-NestedResourceList.ps1') $moduleName = $TemplateFileContent.metadata.name $moduleDescription = $TemplateFileContent.metadata.description $formattedResourceType = Get-SpecsAlignedResourceName -ResourceIdentifier $FullModuleIdentifier + $hasTests = (Get-ChildItem -Path (Split-Path $ReadMeFilePath) -Recurse -Filter 'main.test.bicep' -File -Force).count -gt 0 $inTemplateResourceType = (Get-NestedResourceList $TemplateFileContent).type | Select-Object -Unique | Where-Object { $_ -match "^$formattedResourceType$" 
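Review bot: `$hasTests` in `Initialize-ReadMe` searches `Split-Path $ReadMeFilePath` recursively for `main.test.bicep`, while `Set-ModuleReadMe` repeats the same expression against `$moduleRoot`. `ReadMeFilePath` is an optional parameter, so when it points outside the module root the two results can disagree: the skeleton decides on the `## Usage examples` header one way and the section setter decides the other way. Compute the value once in `Set-ModuleReadMe` and pass it to `Initialize-ReadMe` as a parameter.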
@@ -1417,47 +1638,24 @@ function Initialize-ReadMe { $inTemplateResourceType = $formattedResourceType } - if (-not (Test-Path $ReadMeFilePath) -or ([String]::IsNullOrEmpty((Get-Content $ReadMeFilePath -Raw)))) { - - $initialContent = @( - "# $moduleName ``[$inTemplateResourceType]``", - '', - $moduleDescription, - '' - '## Resource Types', - '', - '## Parameters', - '', - '## Outputs' - ) - $readMeFileContent = $initialContent - } else { - $readMeFileContent = Get-Content -Path $ReadMeFilePath -Encoding 'utf8' - $readMeFileContent[0] = "# $moduleName ``[$inTemplateResourceType]``" - - # We want to inject the description right below the header and before the [Resource Types] section - - # Find start- and end-index of description section - $startIndex = 1 # One after the readme header - $endIndex = $startIndex - - while (-not ($endIndex -ge $readMeFileContent.Count - 1) -and -not $readMeFileContent[$endIndex].StartsWith('#')) { - $endIndex++ - } - - # Build result - $startContent = @( - $readMeFileContent[0], - '' - ) - $newContent = @( - $moduleDescription, - '' - ) - $endContent = $readMeFileContent[$endIndex..($readMeFileContent.Count - 1)] - - $readMeFileContent = (($startContent + $newContent + $endContent) | Out-String).TrimEnd().Replace("`r", '').Split("`n") - } + $initialContent = @( + "# $moduleName ``[$inTemplateResourceType]``", + '', + $moduleDescription, + '' + '## Resource Types', + '' + ($hasTests ? '## Usage examples' : $null), + ($hasTests ? '' : $null), + '## Parameters', + '', + '## Outputs', + '', + '## Cross-referenced modules', + '', + '## Notes' + ) | Where-Object { $null -ne $_ } # Filter null values + $readMeFileContent = $initialContent return $readMeFileContent } 
@@ -1485,6 +1683,9 @@ Optional. The path to the readme to update. If not provided assumes a 'README.md Optional. The sections to update. By default it refreshes all that are supported. Currently supports: 'Resource Types', 'Parameters', 'Outputs', 'Template references' +.PARAMETER CrossReferencedModuleList +Optional. Cross Module References to consider when refreshing the readme. Can be provided to speed up the generation. If not provided, is fetched by this script. + .EXAMPLE Set-ModuleReadMe -TemplateFilePath 'C:\main.bicep' @@ -1524,29 +1725,33 @@ function Set-ModuleReadMe { [Parameter(Mandatory = $false)] [string] $ReadMeFilePath = (Join-Path (Split-Path $TemplateFilePath -Parent) 'README.md'), + [Parameter(Mandatory = $false)] + [hashtable] $CrossReferencedModuleList = @{}, + [Parameter(Mandatory = $false)] [ValidateSet( 'Resource Types', + 'Usage examples', 'Parameters', 'Outputs', 'CrossReferences', 'Template references', - 'Navigation', - 'Deployment examples' + 'Navigation' )] [string[]] $SectionsToRefresh = @( 'Resource Types', + 'Usage examples', 'Parameters', 'Outputs', 'CrossReferences', 'Template references', - 'Navigation', - 'Deployment examples' + 'Navigation' ) ) # Load external functions . (Join-Path $PSScriptRoot 'helper' 'Merge-FileWithNewContent.ps1') + . (Join-Path $PSScriptRoot 'Get-NestedResourceList.ps1') # Check template & make full path $TemplateFilePath = Resolve-Path -Path $TemplateFilePath -ErrorAction Stop @@ -1559,7 +1764,7 @@ function Set-ModuleReadMe { if ((Split-Path -Path $TemplateFilePath -Extension) -eq '.bicep') { $templateFileContent = bicep build $TemplateFilePath --stdout | ConvertFrom-Json -AsHashtable } else { - $templateFileContent = ConvertFrom-Json (Get-Content $TemplateFilePath -Encoding 'utf8' -Raw) -ErrorAction Stop -AsHashtable + $templateFileContent = ConvertFrom-Json (Get-Content $TemplateFilePath -Encoding 'utf8' -Raw) -ErrorAction 'Stop' -AsHashtable } } 
@@ -1576,6 +1781,32 @@ function Set-ModuleReadMe { $fullModuleIdentifier = $fullModuleIdentifier.split($customModuleSeparator)[0] } + # ===================== # + # Preparation steps # + # ===================== # + # Read original readme, if any. Then delete it to build from scratch + if ((Test-Path $ReadMeFilePath) -and -not ([String]::IsNullOrEmpty((Get-Content $ReadMeFilePath -Raw)))) { + $readMeFileContent = Get-Content -Path $ReadMeFilePath -Encoding 'utf8' + # Delete original readme + if ($PSCmdlet.ShouldProcess("File in path [$ReadMeFilePath]", 'Delete')) { + $null = Remove-Item $ReadMeFilePath -Force + } + } + # Make sure we preserve any manual notes a user might have added in the corresponding section + if ($match = $readMeFileContent | Select-String -Pattern '## Notes') { + $startIndex = $match.LineNumber + + $endIndex = $startIndex + 1 + + while (-not (($endIndex + 1) -gt $readMeFileContent.count) -and $readMeFileContent[($endIndex + 1)] -notlike '## *') { + $endIndex++ + } + + $notes = $readMeFileContent[($startIndex - 1)..$endIndex] + } else { + $notes = @() + } + # Initialize readme $inputObject = @{ ReadMeFilePath = $ReadMeFilePath @@ -1584,7 +1815,9 @@ function Set-ModuleReadMe { } $readMeFileContent = Initialize-ReadMe @inputObject - # Set content + # =============== # + # Set content # + # =============== # if ($SectionsToRefresh -contains 'Resource Types') { # Handle [Resource Types] section # =============================== 
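Review bot: the preparation block removes the existing README (`Remove-Item $ReadMeFilePath -Force`) before any replacement content exists. Every later step can still fail, for example a `bicep build` of a test file or the explicit `throw "Unhandled case ..."` in the usage examples code, and a failure at that point leaves the module without a README and without the user's notes on disk. Keep the file in place and overwrite it only when the final content is written. In the notes extraction, `Select-String -Pattern '## Notes'` is an unanchored regex: it also matches `### Notes` or a sentence containing that text, and with more than one match `$match.LineNumber` is an array, which breaks the index arithmetic that follows. Anchor the pattern (`'^## Notes\s*$'`) and use the first match only.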
@@ -1595,6 +1828,19 @@ function Set-ModuleReadMe { $readMeFileContent = Set-ResourceTypesSection @inputObject } + $hasTests = (Get-ChildItem -Path $moduleRoot -Recurse -Filter 'main.test.bicep' -File -Force).count -gt 0 + if ($SectionsToRefresh -contains 'Usage examples' -and $hasTests) { + # Handle [Usage examples] section + # =================================== + $inputObject = @{ + ModuleRoot = $ModuleRoot + FullModuleIdentifier = $fullModuleIdentifier + ReadMeFileContent = $readMeFileContent + TemplateFileContent = $templateFileContent + } + $readMeFileContent = Set-UsageExamplesSection @inputObject + } + if ($SectionsToRefresh -contains 'Parameters') { # Handle [Parameters] section # =========================== 
@@ -1619,27 +1865,24 @@ function Set-ModuleReadMe { if ($SectionsToRefresh -contains 'CrossReferences') { # Handle [CrossReferences] section # ======================== + if ($CrossReferencedModuleList.Count -eq 0) { + . (Join-Path (Get-Item $PSScriptRoot).Parent.Parent 'tools' 'Get-CrossReferencedModuleList.ps1') + $CrossReferencedModuleList = Get-CrossReferencedModuleList + } $inputObject = @{ - ModuleRoot = $ModuleRoot - FullModuleIdentifier = $fullModuleIdentifier - ReadMeFileContent = $readMeFileContent - TemplateFileContent = $templateFileContent + ModuleRoot = $ModuleRoot + FullModuleIdentifier = $fullModuleIdentifier + ReadMeFileContent = $readMeFileContent + TemplateFileContent = $templateFileContent + CrossReferencedModuleList = $CrossReferencedModuleList } $readMeFileContent = Set-CrossReferencesSection @inputObject } - - $testFolderPath = Join-Path $moduleRoot '.test' - $hasTests = (Test-Path $testFolderPath) ? (Get-ChildItem -Path $testFolderPath -Recurse -Include 'main.test.*').count -gt 0 : $false - if ($SectionsToRefresh -contains 'Deployment examples' -and $hasTests) { - # Handle [Deployment examples] section - # =================================== - $inputObject = @{ - ModuleRoot = $ModuleRoot - FullModuleIdentifier = $fullModuleIdentifier - ReadMeFileContent = $readMeFileContent - TemplateFileContent = $templateFileContent - } - $readMeFileContent = Set-DeploymentExamplesSection @inputObject + # Handle [Notes] section + # ======================== + if ($notes) { + $readMeFileContent += @( '' ) + $readMeFileContent += $notes } if ($SectionsToRefresh -contains 'Navigation') { diff --git a/utilities/tools/helper/ConvertTo-OrderedHashtable.ps1 b/utilities/pipelines/sharedScripts/helper/ConvertTo-OrderedHashtable.ps1 similarity index 100% rename from utilities/tools/helper/ConvertTo-OrderedHashtable.ps1 rename to utilities/pipelines/sharedScripts/helper/ConvertTo-OrderedHashtable.ps1 
diff --git a/utilities/tools/helper/Get-SpecsAlignedResourceName.ps1 b/utilities/pipelines/sharedScripts/helper/Get-SpecsAlignedResourceName.ps1 similarity index 97% rename from utilities/tools/helper/Get-SpecsAlignedResourceName.ps1 rename to utilities/pipelines/sharedScripts/helper/Get-SpecsAlignedResourceName.ps1 index 7cfab64e1d..a82711b65b 100644 --- a/utilities/tools/helper/Get-SpecsAlignedResourceName.ps1 +++ b/utilities/pipelines/sharedScripts/helper/Get-SpecsAlignedResourceName.ps1 @@ -60,7 +60,7 @@ function Get-SpecsAlignedResourceName { [string] $ResourceIdentifier, [Parameter(Mandatory = $false)] - [string] $SpecsFilePath = (Join-Path (Split-Path (Split-Path $PSScriptRoot)) 'src' 'apiSpecsList.json') + [string] $SpecsFilePath = (Join-Path (Get-Item $PSScriptRoot).Parent.Parent.Parent 'src' 'apiSpecsList.json') ) $specs = ConvertFrom-Json (Get-Content $specsFilePath -Raw) -AsHashtable diff --git a/utilities/tools/helper/Merge-FileWithNewContent.ps1 b/utilities/pipelines/sharedScripts/helper/Merge-FileWithNewContent.ps1 similarity index 94% rename from utilities/tools/helper/Merge-FileWithNewContent.ps1 rename to utilities/pipelines/sharedScripts/helper/Merge-FileWithNewContent.ps1 index 04db4a0bb4..e64bbd5a58 100644 --- a/utilities/tools/helper/Merge-FileWithNewContent.ps1 +++ b/utilities/pipelines/sharedScripts/helper/Merge-FileWithNewContent.ps1 @@ -111,7 +111,7 @@ function Merge-FileWithNewContent { [string] $SectionStartIdentifier, [Parameter(Mandatory = $false)] - [ValidateSet('table', 'list', 'none')] + [ValidateSet('table', 'list', 'none', 'nextH2')] [string] $ContentType = 'none' ) 
@@ -215,6 +215,18 @@ function Merge-FileWithNewContent { } } } + 'nextH2' { + $endIndex = $startIndex + 1 + + while (-not $OldContent[$endIndex].StartsWith('## ') -and -not (($endIndex + 1) -ge $OldContent.count)) { + $endIndex++ + } + + $startContent = $OldContent[0..($startIndex)] + if ($endIndex -ne $OldContent.Count - 1) { + $endContent = $OldContent[$endIndex..($OldContent.Count - 1)] + } + } Default {} } } diff --git a/utilities/pipelines/staticValidation/helper/helper.psm1 b/utilities/pipelines/staticValidation/helper/helper.psm1 index 1afedb79fb..3bfd42e141 100644 --- a/utilities/pipelines/staticValidation/helper/helper.psm1 +++ b/utilities/pipelines/staticValidation/helper/helper.psm1 @@ -6,8 +6,8 @@ $repoRootPath = (Get-Item $PSScriptRoot).Parent.Parent.Parent.Parent.FullName . (Join-Path $repoRootPath 'utilities' 'pipelines' 'sharedScripts' 'Get-NestedResourceList.ps1') . (Join-Path $repoRootPath 'utilities' 'pipelines' 'sharedScripts' 'Get-ScopeOfTemplateFile.ps1') . (Join-Path $repoRootPath 'utilities' 'pipelines' 'sharedScripts' 'Get-ModuleTestFileList.ps1') +. (Join-Path $repoRootPath 'utilities' 'pipelines' 'sharedScripts' 'helper' 'ConvertTo-OrderedHashtable.ps1') . (Join-Path $repoRootPath 'utilities' 'tools' 'Get-CrossReferencedModuleList.ps1') -. (Join-Path $repoRootPath 'utilities' 'tools' 'helper' 'ConvertTo-OrderedHashtable.ps1') . (Join-Path $repoRootPath 'utilities' 'tools' 'helper' 'Get-PipelineFileName.ps1') #################################### diff --git a/utilities/pipelines/staticValidation/module.tests.ps1 b/utilities/pipelines/staticValidation/module.tests.ps1 index 5011b27ff9..617609b9bd 100644 --- a/utilities/pipelines/staticValidation/module.tests.ps1 +++ b/utilities/pipelines/staticValidation/module.tests.ps1 
@@ -221,7 +221,7 @@ Describe 'Pipeline tests' -Tag 'Pipeline' { $missingCrossModuleReferenceTriggers = [System.Collections.ArrayList] @() foreach ($localReference in $localReferences) { - $expectedPath = "modules/$localReference/**" + $expectedPath = "$localReference/**" if ($workflowModuleTriggerPaths -notcontains $expectedPath) { $missingCrossModuleReferenceTriggers += $expectedPath } @@ -291,7 +291,7 @@ Describe 'Pipeline tests' -Tag 'Pipeline' { $missingCrossModuleReferenceTriggers = [System.Collections.ArrayList] @() foreach ($localReference in $localReferences) { - $expectedPath = "/modules/$localReference/*" + $expectedPath = "/$localReference/*" if ($moduleTriggerPaths -notcontains $expectedPath) { $missingCrossModuleReferenceTriggers += $expectedPath } 
@@ -364,291 +364,6 @@ Describe 'Module tests' -Tag 'Module' { $readMeContent | Should -Not -BeNullOrEmpty } - It '[] `README.md` file should contain these sections in order: Navigation, Resource Types, Parameters, Outputs, Cross-referenced modules, Deployment examples.' -TestCases $readmeFileTestCases { - - param( - [string] $moduleFolderName, - [object[]] $readMeContent, - [boolean] $isTopLevelModule - ) - - $expectedHeadersInOrder = @('Navigation', 'Resource types', 'Parameters', 'Outputs', 'Cross-referenced modules') - - if ($isTopLevelModule) { - # Only top-level modules have parameter files and hence deployment examples - $expectedHeadersInOrder += 'Deployment examples' - } - - $actualHeadersInOrder = $readMeContent | Where-Object { $_ -like '#*' } | ForEach-Object { ($_ -replace '#', '').TrimStart() } - - $filteredActuals = $actualHeadersInOrder | Where-Object { $expectedHeadersInOrder -contains $_ } - - $missingHeaders = $expectedHeadersInOrder | Where-Object { $actualHeadersInOrder -notcontains $_ } - $missingHeaders.Count | Should -Be 0 -Because ('the list of missing headers [{0}] should be empty.' -f ($missingHeaders -join ',')) - - $filteredActuals | Should -Be $expectedHeadersInOrder -Because 'the headers should exist in the expected order' - } - - It '[] Resources section should contain all resources from the template file.' 
-TestCases $readmeFileTestCases { - - param( - [string] $moduleFolderName, - [hashtable] $templateContent, - [object[]] $readMeContent - ) - - # Get ReadMe data - $tableStartIndex, $tableEndIndex = Get-TableStartAndEndIndex -ReadMeContent $readMeContent -MarkdownSectionIdentifier '*# Resource Types' - - $ReadMeResourcesList = [System.Collections.ArrayList]@() - for ($index = $tableStartIndex + 2; $index -lt $tableEndIndex; $index++) { - $ReadMeResourcesList += $readMeContent[$index].Split('|')[1].Replace('`', '').Trim() - } - - # Get template data - $templateResources = (Get-NestedResourceList -TemplateFileContent $templateContent | Where-Object { - $_.type -notin @('Microsoft.Resources/deployments') -and $_ }).type | Select-Object -Unique - - # Compare - $differentiatingItems = $templateResources | Where-Object { $ReadMeResourcesList -notcontains $_ } - $differentiatingItems.Count | Should -Be 0 -Because ("list of template resources missing from the ReadMe's list [{0}] should be empty" -f ($differentiatingItems -join ',')) - } - - It '[] Resources section should not contain more resources than the template file.' 
-TestCases $readmeFileTestCases { - - param( - [string] $moduleFolderName, - [hashtable] $templateContent, - [object[]] $readMeContent - ) - - # Get ReadMe data - $tableStartIndex, $tableEndIndex = Get-TableStartAndEndIndex -ReadMeContent $readMeContent -MarkdownSectionIdentifier '*# Resource Types' - - $ReadMeResourcesList = [System.Collections.ArrayList]@() - for ($index = $tableStartIndex + 2; $index -lt $tableEndIndex; $index++) { - $ReadMeResourcesList += $readMeContent[$index].Split('|')[1].Replace('`', '').Trim() - } - - # Get template data - $templateResources = (Get-NestedResourceList -TemplateFileContent $templateContent | Where-Object { - $_.type -notin @('Microsoft.Resources/deployments') -and $_ }).type | Select-Object -Unique - - # Compare - $differentiatingItems = $templateResources | Where-Object { $ReadMeResourcesList -notcontains $_ } - $differentiatingItems.Count | Should -Be 0 -Because ("list of resources in the ReadMe's list [{0}] not in the template file should be empty" -f ($differentiatingItems -join ',')) - } - - It '[] Parameters section should contain a table for each existing parameter category in the following order: Required, Conditional, Optional, Generated.' 
-TestCases $readmeFileTestCases { - - param( - [string] $moduleFolderName, - [hashtable] $templateContent, - [object[]] $readMeContent - ) - - $expectColumnsInOrder = @('Required', 'Conditional', 'Optional', 'Generated') - - ## Get all descriptions - $descriptions = $templateContent.parameters.Values.metadata.description - - ## Get the module parameter categories - $expectedParamCategories = $descriptions | ForEach-Object { $_.Split('.')[0] } | Select-Object -Unique # Get categories in template - $expectedParamCategoriesInOrder = $expectColumnsInOrder | Where-Object { $_ -in $expectedParamCategories } # add required ones in order - $expectedParamCategoriesInOrder += $expectedParamCategories | Where-Object { $_ -notin $expectColumnsInOrder } # add non-required ones after - - $actualParamCategories = $readMeContent | Select-String -Pattern '^\*\*(.+) parameters\*\*$' -AllMatches | ForEach-Object { $_.Matches.Groups[1].Value } # get actual in readme - - $actualParamCategories | Should -Be $expectedParamCategoriesInOrder - } - - It '[] Parameter tables should provide columns in the following order: Parameter Name, Type, Default Value, Allowed Values, Description. Each column should be present unless empty for all the rows.' -TestCases $readmeFileTestCases { - - param( - [string] $moduleFolderName, - [hashtable] $templateContent, - [object[]] $readMeContent - ) - - ## Get all descriptions - $descriptions = $templateContent.parameters.Values.metadata.description - - ## Get the module parameter categories - $paramCategories = $descriptions | ForEach-Object { $_.Split('.')[0] } | Select-Object -Unique - - foreach ($paramCategory in $paramCategories) { - - # Filter to relevant items - [array] $categoryParameters = $templateContent.parameters.Values | Where-Object { $_.metadata.description -like "$paramCategory. 
*" } | Sort-Object -Property 'Name' -Culture 'en-US' - - # Check properties for later reference - $shouldHaveDefault = $categoryParameters.defaultValue.count -gt 0 - $shouldHaveAllowed = $categoryParameters.allowedValues.count -gt 0 - - $expectedColumnsInOrder = @('Parameter Name', 'Type') - if ($shouldHaveDefault) { $expectedColumnsInOrder += @('Default Value') } - if ($shouldHaveAllowed) { $expectedColumnsInOrder += @('Allowed Values') } - $expectedColumnsInOrder += @('Description') - - $readMeCategoryIndex = $readMeContent | Select-String -Pattern "^\*\*$paramCategory parameters\*\*$" | ForEach-Object { $_.LineNumber } - - $tableStartIndex = $readMeCategoryIndex - while ($readMeContent[$tableStartIndex] -notlike '*|*' -and -not ($tableStartIndex -ge $readMeContent.count)) { - $tableStartIndex++ - } - - $readmeCategoryColumns = ($readMeContent[$tableStartIndex] -split '\|') | ForEach-Object { $_.Trim() } | Where-Object { -not [String]::IsNullOrEmpty($_) } - $readmeCategoryColumns | Should -Be $expectedColumnsInOrder - } - } - - It '[] Parameters section should contain all parameters from the template file.' -TestCases $readmeFileTestCases { - - param( - [string] $moduleFolderName, - [hashtable] $templateContent, - [object[]] $readMeContent - ) - - # Get Template data - $parameters = $templateContent.parameters.Keys - - # Get ReadMe data - ## Get section start index - $sectionStartIndex = Get-MarkdownSectionStartIndex -ReadMeContent $readMeContent -MarkdownSectionIdentifier '*# Parameters' - - if ($sectionStartIndex -ge $readMeContent.count) { - throw 'Parameters section is missing in the Readme. Please add and re-run the tests.' 
- } - - $parametersSectionEndIndex = Get-MarkdownSectionEndIndex -ReadMeContent $readMeContent -SectionStartIndex $sectionStartIndex - - ## Iterate over all parameter tables - $parametersList = [System.Collections.ArrayList]@() - $sectionIndex = $sectionStartIndex - while ($sectionIndex -lt $parametersSectionEndIndex) { - ### Get table start index - $parametersTableStartIndex = $sectionIndex - while ($readMeContent[$parametersTableStartIndex] -notlike '*|*' -and -not ($parametersTableStartIndex -ge $readMeContent.count)) { - $parametersTableStartIndex++ - } - Write-Verbose ("[loop] Start row of the parameter table: $parametersTableStartIndex") - - ### Get table end index - $parametersTableEndIndex = $parametersTableStartIndex + 2 # Header row + table separator row - while ($readMeContent[$parametersTableEndIndex] -like '*|*' -and -not ($parametersTableEndIndex -ge $readMeContent.count)) { - $parametersTableEndIndex++ - } - Write-Verbose ("[loop] End row of the parameter table: $parametersTableEndIndex") - - for ($tableIndex = $parametersTableStartIndex + 2; $tableIndex -lt $parametersTableEndIndex; $tableIndex++) { - $parametersList += $readMeContent[$tableIndex].Split('|')[1].Replace('`', '').Trim() - } - $sectionIndex = $parametersTableEndIndex + 1 - } - - # Test - $differentiatingItems = $parameters | Where-Object { $parametersList -notcontains $_ } - $differentiatingItems.Count | Should -Be 0 -Because ('list of template parameters missing in the ReadMe file [{0}] should be empty.' -f ($differentiatingItems -join ',')) - } - - It '[] Outputs section should contain a table with these column names in order: Output Name, Type.' 
-TestCases $readmeFileTestCases { - - param( - [string] $moduleFolderName, - $readMeContent - ) - - $tableStartIndex, $tableEndIndex = Get-TableStartAndEndIndex -ReadMeContent $readMeContent -MarkdownSectionIdentifier '*# Outputs' - - $outputsTableHeader = $readMeContent[$tableStartIndex].Split('|').Trim() | Where-Object { -not [String]::IsNullOrEmpty($_) } - - # Test - $expectedOutputsTableOrder = @('Output Name', 'Type') - $differentiatingItems = $expectedOutputsTableOrder | Where-Object { $outputsTableHeader -notcontains $_ } - $differentiatingItems.Count | Should -Be 0 -Because ('list of "Outputs" table columns missing in the ReadMe file [{0}] should be empty.' -f ($differentiatingItems -join ',')) - } - - It '[] Output section should contain all outputs defined in the template file.' -TestCases $readmeFileTestCases { - - param( - [string] $moduleFolderName, - [hashtable] $templateContent, - [object[]] $readMeContent - ) - - # Get ReadMe data - $tableStartIndex, $tableEndIndex = Get-TableStartAndEndIndex -ReadMeContent $readMeContent -MarkdownSectionIdentifier '*# Outputs' - - $ReadMeOutputsList = [System.Collections.ArrayList]@() - for ($index = $tableStartIndex + 2; $index -lt $tableEndIndex; $index++) { - $ReadMeOutputsList += $readMeContent[$index].Split('|')[1].Replace('`', '').Trim() - } - - # Template data - $expectedOutputs = $templateContent.outputs.Keys - - # Test - $differentiatingItems = $expectedOutputs | Where-Object { $ReadMeOutputsList -notcontains $_ } - $differentiatingItems.Count | Should -Be 0 -Because ('list of template outputs missing in the ReadMe file [{0}] should be empty.' -f ($differentiatingItems -join ',')) - - $differentiatingItems = $ReadMeOutputsList | Where-Object { $expectedOutputs -notcontains $_ } - $differentiatingItems.Count | Should -Be 0 -Because ('list of excess template outputs defined in the ReadMe file [{0}] should be empty.' 
-f ($differentiatingItems -join ',')) - } - - It '[] Dependencies section should contain all cross-references defined in the template file.' -TestCases $readmeFileTestCases { - - param( - [string] $moduleFolderName, - [hashtable] $templateContent, - [object[]] $readMeContent, - [string] $resourceTypeIdentifier, - [hashtable] $templateReferences - ) - - # Get ReadMe data - $tableStartIndex, $tableEndIndex = Get-TableStartAndEndIndex -ReadMeContent $readMeContent -MarkdownSectionIdentifier '*## Cross-referenced modules' - - $ReadMeDependenciesList = @{ - localPathReferences = @() - remoteReferences = @() - } - for ($index = $tableStartIndex + 2; $index -lt $tableEndIndex; $index++) { - $type = $readMeContent[$index].Split('|')[2].Trim() - - switch ($type) { - 'Local reference' { - $ReadMeDependenciesList.localPathReferences += $readMeContent[$index].Split('|')[1].Replace('`', '').Trim() - } - 'Remote reference' { - $ReadMeDependenciesList.remoteReferences += $readMeContent[$index].Split('|')[1].Replace('`', '').Trim() - } - Default { - throw "Unkown type reference [$type]. Only [Local reference] & [Remote reference] are known. Please update ReadMe or test script." - } - } - } - - # Test - if ($templateReferences.localPathReferences) { - $differentiatingItems = @() + $templateReferences.localPathReferences | Where-Object { $ReadMeDependenciesList.localPathReferences -notcontains $_ } - $differentiatingItems.Count | Should -Be 0 -Because ('list of local template dependencies missing in the ReadMe file [{0}] should be empty.' -f ($differentiatingItems -join ',')) - - - $differentiatingItems = @() + $ReadMeDependenciesList.localPathReferences | Where-Object { $templateReferences.localPathReferences -notcontains $_ } - $differentiatingItems.Count | Should -Be 0 -Because ('list of excess local template references defined in the ReadMe file [{0}] should be empty.' 
-f ($differentiatingItems -join ',')) - } - - if ($templateReferences.remoteReferences) { - $differentiatingItems = @() + $templateReferences.remoteReferences | Where-Object { $ReadMeDependenciesList.remoteReferences -notcontains $_ } - $differentiatingItems.Count | Should -Be 0 -Because ('list of remote template dependencies missing in the ReadMe file [{0}] should be empty.' -f ($differentiatingItems -join ',')) - - - $differentiatingItems = @() + $ReadMeDependenciesList.remoteReferences | Where-Object { $templateReferences.remoteReferences -notcontains $_ } - $differentiatingItems.Count | Should -Be 0 -Because ('list of excess remote template references defined in the ReadMe file [{0}] should be empty.' -f ($differentiatingItems -join ',')) - } - } - It '[] `Set-ModuleReadMe` script should not apply any updates.' -TestCases $readmeFileTestCases { param( @@ -662,7 +377,7 @@ Describe 'Module tests' -Tag 'Module' { $fileHashBefore = (Get-FileHash $readMeFilePath).Hash # Load function - . (Join-Path $repoRootPath 'utilities' 'tools' 'Set-ModuleReadMe.ps1') + . (Join-Path $repoRootPath 'utilities' 'pipelines' 'sharedScripts' 'Set-ModuleReadMe.ps1') # Apply update with already compiled template content Set-ModuleReadMe -TemplateFilePath $templateFilePath -TemplateFileContent $templateContent @@ -1257,7 +972,7 @@ Describe 'Module tests' -Tag 'Module' { } $metadataFileTestCases += @{ - moduleFolderName = $resourceTypeIdentifier + moduleFolderName = $moduleFolderName templateFileContent = $templateContent } } diff --git a/utilities/tools/Get-CrossReferencedModuleList.ps1 b/utilities/tools/Get-CrossReferencedModuleList.ps1 index 8153fffce8..5971dd9dc9 100644 --- a/utilities/tools/Get-CrossReferencedModuleList.ps1 +++ b/utilities/tools/Get-CrossReferencedModuleList.ps1 @@ -1,4 +1,5 @@ -<# +#region helper functions +<# .SYNOPSIS Find any nested dependency recursively 
@@ -51,8 +52,11 @@ This includes local references, online/remote references & resource deployments .PARAMETER ModuleTemplateFilePath Mandatory. The path to the template to search the references for +.PARAMETER TemplateMap +Mandatory. The hashtable of templatePath-templateContent to search in + .EXAMPLE -Get-ReferenceObject -ModuleTemplateFilePath 'C:\dev\key-vault\vault\main.bicep' +Get-ReferenceObject -ModuleTemplateFilePath 'C:\dev\key-vault\vault\main.bicep' -TemplateMap @{ 'C:\modules\key-vault\vault\main.bicep' = @{ '$schema' = '...'; parameters = @( ... ); resources = @{ ... } } } Search all references for module 'key-vault\vault' #> @@ -61,12 +65,14 @@ function Get-ReferenceObject { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] - [string] $ModuleTemplateFilePath + [string] $ModuleTemplateFilePath, + + [Parameter(Mandatory = $true)] + [hashtable] $TemplateMap ) . (Join-Path (Get-Item $PSScriptRoot).Parent 'pipelines' 'sharedScripts' 'Get-LocallyReferencedFileList.ps1') - - $involvedFilePaths = Get-LocallyReferencedFileList -FilePath $ModuleTemplateFilePath + $involvedFilePaths = Get-LocallyReferencedFileList -FilePath $ModuleTemplateFilePath -TemplateMap $TemplateMap $resultSet = @{ resourceReferences = @() @@ -83,7 +89,7 @@ function Get-ReferenceObject { } foreach ($involvedFilePath in (@($ModuleTemplateFilePath) + @($involvedFilePaths))) { - $moduleContent = Get-Content -Path $involvedFilePath + $moduleContent = $TemplateMap[$involvedFilePath] $resultSet.resourceReferences += @() + $moduleContent | Where-Object { $_ -match "^resource .+ '(.+)' .+$" } | ForEach-Object { $matches[1] } $resultSet.remoteReferences += @() + $moduleContent | Where-Object { $_ -match "^module .+ '(.+:.+)' .+$" } | ForEach-Object { $matches[1] } @@ -95,6 +101,8 @@ function Get-ReferenceObject { localPathReferences = $resultSet.localPathReferences | Sort-Object -Unique } } +#endregion + <# .SYNOPSIS Get a list of all resource/module references in a given module path 
@@ -102,12 +110,10 @@ Get a list of all resource/module references in a given module path .DESCRIPTION As an output you will receive a hashtable that (for each provider namespace) lists the - Directly deployed resources (e.g. via "resource myDeployment 'Microsoft.(..)/(..)@(..)'") -- Linked local module templates (e.g. via "module myDeployment '../../main.bicep'") - Linked remote module tempaltes (e.g. via "module rg 'br/modules:(..):(..)'") .PARAMETER Path -Optional. The path to search in. Defaults to the 'modules' folder. -Note, any local references will only be searched within this path too. +Optional. The path to search in. Defaults to the 'res' folder. .EXAMPLE Get-CrossReferencedModuleList @@ -118,9 +124,10 @@ Invoke the function with the default path. Returns an object such as: "localPathReferences": [ recovery-service/vault/protection-container/protected-item network/public-ip-address - network/network-interface ], - "remoteReferences": null, + "remoteReferences": [ + "avm-res-network-networkinterface" + ], "resourceReferences": [ "Microsoft.Resources/deployments@2021-04-01", "Microsoft.Compute/availabilitySets@2021-07-01", 
@@ -142,16 +149,23 @@ function Get-CrossReferencedModuleList { [CmdletBinding()] param ( [Parameter()] - [string] $Path = (Join-Path (Split-Path (Split-Path $PSScriptRoot -Parent) -Parent) 'modules') + [string] $Path = (Join-Path (Get-Item $PSScriptRoot).Parent.Parent 'modules') ) - $repoRoot = ($Path -split '[\/|\\]{1}modules[\/|\\]{1}')[0] + $repoRoot = ($Path -split '[\/|\\]{1}modules[\/|\\]?')[0] $resultSet = [ordered]@{} - $moduleTemplatePaths = (Get-ChildItem -Path $Path -Recurse -File -Filter 'main.bicep').FullName + # Collect data + $moduleTemplatePaths = (Get-ChildItem -Path $path -Recurse -File -Filter 'main.bicep').FullName + $templateMap = @{} + foreach ($moduleTemplatePath in $moduleTemplatePaths) { + $templateMap[$moduleTemplatePath] = Get-Content -Path $moduleTemplatePath + } + + # Process data foreach ($moduleTemplatePath in $moduleTemplatePaths) { - $referenceObject = Get-ReferenceObject -ModuleTemplateFilePath $moduleTemplatePath + $referenceObject = Get-ReferenceObject -ModuleTemplateFilePath $moduleTemplatePath -TemplateMap $templateMap # Convert local absolute references to relative references $referenceObject.localPathReferences = $referenceObject.localPathReferences | ForEach-Object { diff --git a/utilities/tools/Get-ModulesFeatureOutline.ps1 b/utilities/tools/Get-ModulesFeatureOutline.ps1 index b0d181df11..eea7ecaee9 100644 --- a/utilities/tools/Get-ModulesFeatureOutline.ps1 +++ b/utilities/tools/Get-ModulesFeatureOutline.ps1 @@ -93,7 +93,7 @@ function Get-ModulesFeatureOutline { # Load external functions . (Join-Path $PSScriptRoot 'helper' 'Get-PipelineStatusUrl.ps1') - . (Join-Path $PSScriptRoot 'helper' 'Get-SpecsAlignedResourceName.ps1') + . (Join-Path (Split-Path $PSScriptRoot) 'pipelines' 'sharedScripts' 'helper' 'Get-SpecsAlignedResourceName.ps1') if ($OnlyTopLevel) { $moduleTemplatePaths = (Get-ChildItem $ModuleFolderPath -Recurse -Filter 'main.bicep' -Depth 2).FullName 
diff --git a/utilities/tools/Set-Module.ps1 b/utilities/tools/Set-Module.ps1 new file mode 100644 index 0000000000..4d322caa90 --- /dev/null +++ b/utilities/tools/Set-Module.ps1 
@@ -0,0 +1,168 @@ +#requires -version 7.3 +<# +.SYNOPSIS +Create/update all content of an AVM module that can be generated for the user + +.DESCRIPTION +Create/update all content of an AVM module that can be generated for the user +This includes +- The `main.json` template(s) +- The `README.md` file(s) + +.PARAMETER ModuleFolderPath +Mandatory. The path to the module folder to generate the content for. + +.PARAMETER Recurse +Optional. Set this parameter if you not only want to generate the content for one module, but also any nested module in the same path. + +.PARAMETER Depth +Optional. Recursion depth for the module search. + +.PARAMETER SkipBuild +Optional. Set this parameter if you don't want to build/compile the JSON template(s) for the contained `main.bicep` file(s). + +.PARAMETER SkipReadMe +Optional. Set this parameter if you don't want to generate the ReadMe file(s) for the module(s). + +.PARAMETER SkipFileAndFolderSetup +Optional. Set this parameter if you don't want to setup the file & folder structure for the module(s). + +.PARAMETER ThrottleLimit +Optional. The number of parallel threads to use for the generation. Defaults to 5. + +.EXAMPLE +Set-Module -ModuleFolderPath 'C:\avm\res\key-vault\vault' + +For the [key-vault\vault] module, build the Bicep module template & generate its ReadMe. + +.EXAMPLE +Set-Module -ModuleFolderPath 'C:\avm\res\key-vault\vault' -Recurse + +For the [key-vault\vault] module or any of its children, build the Bicep module template & generate the ReadMe. + +.EXAMPLE +Set-Module -ModuleFolderPath 'C:\avm\res\key-vault\vault' -Recurse -SkipReadMe + +For the [key-vault\vault] module or any of its children, build only the Bicep module template. + +.EXAMPLE +Set-Module -ModuleFolderPath 'C:\avm\res' -Recurse + +For all modules in path [C:\avm\res], build the Bicep module template & generate the ReadMe. 
+#> +function Set-Module { + + [CmdletBinding(SupportsShouldProcess = $true)] + param ( + [Parameter(Mandatory = $true)] + [string] $ModuleFolderPath, + + [Parameter(Mandatory = $false)] + [switch] $Recurse, + + [Parameter(Mandatory = $false)] + [switch] $SkipBuild, + + [Parameter(Mandatory = $false)] + [switch] $SkipReadMe, + + [Parameter(Mandatory = $false)] + [switch] $SkipFileAndFolderSetup, + + [Parameter(Mandatory = $false)] + [int] $ThrottleLimit = 5, + + [Parameter(Mandatory = $false)] + [int] $Depth + ) + + # # Load helper scripts + # . (Join-Path $PSScriptRoot 'helper' 'Set-ModuleFileAndFolderSetup.ps1') + + $resolvedPath = (Resolve-Path $ModuleFolderPath).Path + + # Build up module file & folder structure if not yet existing. Should only run if an actual module path was provided (and not any of their parent paths) + # if (-not $SkipFileAndFolderSetup -and ((($resolvedPath -split '\bavm\b')[1].Trim('\,/') -split '[\/|\\]').Count -gt 2)) { + # if ($PSCmdlet.ShouldProcess("File & folder structure for path [$resolvedPath]", "Setup")) { + # Set-ModuleFileAndFolderSetup -FullModuleFolderPath $resolvedPath + # } + # } + + if ($Recurse) { + $childInput = @{ + Path = $resolvedPath + Recurse = $Recurse + File = $true + Filter = 'main.bicep' + } + if ($Depth) { + $childInput.Depth = $Depth + } + $relevantTemplatePaths = (Get-ChildItem @childInput).FullName + } else { + $relevantTemplatePaths = Join-Path $resolvedPath 'main.bicep' + } + + # Load recurring information we'll need for the modules + if (-not $SkipReadMe) { + . 
(Join-Path $PSScriptRoot 'Get-CrossReferencedModuleList.ps1') + # load cross-references + $crossReferencedModuleList = Get-CrossReferencedModuleList + + # create reference as it must be loaded in the thread to work + $ReadMeScriptFilePath = (Join-Path (Get-Item $PSScriptRoot).Parent.FullName 'pipelines' 'sharedScripts' 'Set-ModuleReadMe.ps1') + } + + # Using threading to speed up the process + if ($PSCmdlet.ShouldProcess(('Building & generation of [{0}] modules in path [{1}]' -f $relevantTemplatePaths.Count, $resolvedPath), 'Execute')) { + try { + $job = $relevantTemplatePaths | ForEach-Object -ThrottleLimit $ThrottleLimit -AsJob -Parallel { + $resourceTypeIdentifier = ((Split-Path $_) -split '[\/|\\]{1}modules[\/|\\]{1}')[1] # avm/res// + + . $using:ReadMeScriptFilePath + + ############### + ## Build ## + ############### + if (-not $using:SkipBuild) { + Write-Output "Building [$resourceTypeIdentifier]" + bicep build $_ + } + + ################ + ## ReadMe ## + ################ + if (-not $using:SkipReadMe) { + Write-Output "Generating readme for [$resourceTypeIdentifier]" + + # If the template was just build, we can pass the JSON into the readme script to be more efficient + $readmeTemplateFilePath = (-not $using:SkipBuild) ? (Join-Path (Split-Path $_ -Parent) 'main.json') : $_ + + Set-ModuleReadMe -TemplateFilePath $readmeTemplateFilePath -CrossReferencedModuleList $using:crossReferencedModuleList + } + } + + do { + # Sleep a bit to allow the threads to run - adjust as desired. + Start-Sleep -Seconds 0.5 + + # Determine how many jobs have completed so far. + $completedJobsCount = ($job.ChildJobs | Where-Object { $_.State -notin @('NotStarted', 'Running') }).Count + + # Relay any pending output from the child jobs. + $job | Receive-Job + + # Update the progress display. 
+ [int] $percent = ($completedJobsCount / $job.ChildJobs.Count) * 100 + Write-Progress -Activity ("Processed [$completedJobsCount/{0}] files" -f $relevantTemplatePaths.Count) -Status "$percent% complete" -PercentComplete $percent + + } while ($completedJobsCount -lt $job.ChildJobs.Count) + + # Clean up the job. + $job | Remove-Job + } finally { + # In case the user cancelled the process, we need to make sure to stop all running jobs + $job | Remove-Job -Force -ErrorAction 'SilentlyContinue' + } + } +} diff --git a/utilities/tools/helper/Get-ModulesAsMarkdownTable.ps1 b/utilities/tools/helper/Get-ModulesAsMarkdownTable.ps1 index 7b4baa2d6f..acb027f6bb 100644 --- a/utilities/tools/helper/Get-ModulesAsMarkdownTable.ps1 +++ b/utilities/tools/helper/Get-ModulesAsMarkdownTable.ps1 @@ -428,8 +428,9 @@ function Get-ModulesAsMarkdownTable { ) # Load external functions - . (Join-Path $PSScriptRoot 'Get-PipelineStatusUrl.ps1') - . (Join-Path $PSScriptRoot 'Get-SpecsAlignedResourceName.ps1') + $utilitiesRoot = (Get-Item -Path $PSScriptRoot).Parent.Parent + . (Join-Path $utilitiesRoot 'tools' 'helper' 'Get-PipelineStatusUrl.ps1') + . (Join-Path $utilitiesRoot 'pipelines' 'sharedScripts' 'helper' 'Get-SpecsAlignedResourceName.ps1') # Header # ------ diff --git a/utilities/tools/helper/Get-PipelineFileName.ps1 b/utilities/tools/helper/Get-PipelineFileName.ps1 index 032a14d5d9..2072eb02a2 100644 --- a/utilities/tools/helper/Get-PipelineFileName.ps1 +++ b/utilities/tools/helper/Get-PipelineFileName.ps1 @@ -27,7 +27,8 @@ function Get-PipelineFileName { [string] $ResourceIdentifier ) - . (Join-Path $PSScriptRoot 'Get-SpecsAlignedResourceName.ps1') + $utilitiesRoot = (Get-Item -Path $PSScriptRoot).Parent.Parent + . (Join-Path $utilitiesRoot 'pipelines' 'sharedScripts' 'helper' 'Get-SpecsAlignedResourceName.ps1') $provider, $parentType, $childTypeString = $ResourceIdentifier -split '[\/|\\]', 3 $parentResourceIdentifier = $provider, $parentType -join '/' 
diff --git a/utilities/tools/platform/Set-ModuleOverviewTable.ps1 b/utilities/tools/platform/Set-ModuleOverviewTable.ps1 index 965678fbfd..5e5a67e471 100644 --- a/utilities/tools/platform/Set-ModuleOverviewTable.ps1 +++ b/utilities/tools/platform/Set-ModuleOverviewTable.ps1 @@ -54,9 +54,9 @@ function Set-ModuleOverviewTable { ) # Load external functions - $toolsRoot = Split-Path $PSScriptRoot -Parent - . (Join-Path $toolsRoot 'helper' 'Merge-FileWithNewContent.ps1') - . (Join-Path $toolsRoot 'Get-ModulesFeatureOutline.ps1') + $utilitiesRoot = Split-Path (Split-Path $PSScriptRoot) + . (Join-Path $utilitiesRoot 'pipelines' 'sharedScripts' 'helper' 'Merge-FileWithNewContent.ps1') + . (Join-Path $utilitiesRoot 'tools' 'Get-ModulesFeatureOutline.ps1') # Logic $originalContentArray = Get-Content -Path $markdownFilePath diff --git a/utilities/tools/platform/Set-ReadMeModuleTable.ps1 b/utilities/tools/platform/Set-ReadMeModuleTable.ps1 index f2968f085e..d1e7c296bc 100644 --- a/utilities/tools/platform/Set-ReadMeModuleTable.ps1 +++ b/utilities/tools/platform/Set-ReadMeModuleTable.ps1 @@ -65,9 +65,9 @@ function Set-ReadMeModuleTable { ) # Load external functions - $toolsRoot = Split-Path $PSScriptRoot -Parent - . (Join-Path $toolsRoot 'helper' 'Merge-FileWithNewContent.ps1') - . (Join-Path $toolsRoot 'helper' 'Get-ModulesAsMarkdownTable.ps1') + $utilitiesRoot = Split-Path (Split-Path $PSScriptRoot) + . (Join-Path $utilitiesRoot 'pipelines' 'sharedScripts' 'helper' 'Merge-FileWithNewContent.ps1') + . (Join-Path $utilitiesRoot 'tools' 'helper' 'Get-ModulesAsMarkdownTable.ps1') # Logic $contentArray = Get-Content -Path $FilePath diff --git a/utilities/tools/platform/Set-ReadMePlatformTable.ps1 b/utilities/tools/platform/Set-ReadMePlatformTable.ps1 index b238dfbdf1..dcfc8baf43 100644 --- a/utilities/tools/platform/Set-ReadMePlatformTable.ps1 +++ b/utilities/tools/platform/Set-ReadMePlatformTable.ps1 
@@ -53,10 +53,13 @@ function Set-ReadMePlatformTable { # Load external functions $repoRoot = (Get-Item $PSScriptRoot).Parent.Parent.Parent.FullName - . (Join-Path $repoRoot 'utilities' 'tools' 'helper' 'Merge-FileWithNewContent.ps1') + . (Join-Path $repoRoot 'utilities' 'pipelines' 'sharedScripts' 'helper' 'Merge-FileWithNewContent.ps1') . (Join-Path $repoRoot 'utilities' 'tools' 'helper' 'Get-PipelineStatusUrl.ps1') . (Join-Path $repoRoot 'utilities' 'tools' 'helper' 'Get-PipelineNameFromFile.ps1') + + + # Logic $contentArray = Get-Content -Path $FilePath diff --git a/utilities/tools/platform/Set-StaticTestDocumentation.ps1 b/utilities/tools/platform/Set-StaticTestDocumentation.ps1 index f6b01e7741..503c9bc0e9 100644 --- a/utilities/tools/platform/Set-StaticTestDocumentation.ps1 +++ b/utilities/tools/platform/Set-StaticTestDocumentation.ps1 @@ -76,8 +76,8 @@ function Set-StaticTestDocumentation { ) # Load external functions - $toolsRoot = Split-Path $PSScriptRoot -Parent - . (Join-Path $toolsRoot 'helper' 'Merge-FileWithNewContent.ps1') + $utilitiesRoot = Split-Path (Split-Path $PSScriptRoot) + . (Join-Path $utilitiesRoot 'pipelines' 'sharedScripts' 'helper' 'Merge-FileWithNewContent.ps1') # Logic $contentArray = Get-Content -Path $WikiFilePath
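Review bot: In `Set-Module.ps1`, inside the `-Parallel` block, the result of `bicep build $_` is never checked, yet when `SkipBuild` is not set the readme step then reads `main.json` from the same folder. If the build fails, `Set-ModuleReadMe` runs against a stale or missing `main.json`. Test `$LASTEXITCODE` right after the build and skip or fail that module's readme step when it is non-zero. Relatedly, the wait loop treats every child job state other than `NotStarted` and `Running` as completed and then removes the job, so a failed child job leaves no final error. Consider collecting the failed child jobs and throwing before the clean-up.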
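Review bot: In `Get-ModulesAsMarkdownTable.ps1`, `$utilitiesRoot = (Get-Item -Path $PSScriptRoot).Parent.Parent` stores a directory object, not a path string, and the following `Join-Path` calls rely on implicit string conversion. Append `.FullName`, as the `$repoRoot` line in `Set-ReadMePlatformTable.ps1` and the `$ReadMeScriptFilePath` line in `Set-Module.ps1` already do. The same line is added in `Get-PipelineFileName.ps1` and needs the same change.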
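Review bot: In `Set-ModuleOverviewTable.ps1`, `Split-Path (Split-Path $PSScriptRoot)` drops the explicit `-Parent` that the removed `$toolsRoot` line had, and it is now a third way of computing the same utilities folder in this patch. It sits alongside the `Get-Item ... .Parent.Parent` form in the helper scripts and the `$repoRoot` form in `Set-ReadMePlatformTable.ps1`. Settle on one idiom so the next folder move is a single search and replace. The identical line in `Set-ReadMeModuleTable.ps1` and `Set-StaticTestDocumentation.ps1` should follow.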
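Review bot: In `Set-ReadMePlatformTable.ps1`, the three empty lines added between the last dot-source statement and `# Logic` are stray whitespace and account for the whole growth of the hunk from 10 to 13 lines. Remove them so the hunk contains only the `Merge-FileWithNewContent.ps1` path change.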