diff --git a/modules/insights/action-group/README.md b/modules/insights/action-group/README.md index 107e2c2fd1..d54f25254b 100644 --- a/modules/insights/action-group/README.md +++ b/modules/insights/action-group/README.md @@ -397,7 +397,6 @@ The list of SMS receivers that are part of this action group. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `voiceReceivers` diff --git a/modules/insights/action-group/main.bicep b/modules/insights/action-group/main.bicep index cc70da7f68..9d339fd670 100644 --- a/modules/insights/action-group/main.bicep +++ b/modules/insights/action-group/main.bicep @@ -45,7 +45,7 @@ param azureFunctionReceivers array = [] param armRoleReceivers array = [] @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/insights/action-group/main.json b/modules/insights/action-group/main.json index 792fd37d16..3d096908ea 100644 --- a/modules/insights/action-group/main.json +++ b/modules/insights/action-group/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "38103589755829738" + "templateHash": "2140251667223898817" }, "name": "Action Groups", "description": "This module deploys an Action Group.", @@ -178,7 +178,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/insights/activity-log-alert/README.md b/modules/insights/activity-log-alert/README.md index 6fee0f6567..361b57243f 100644 --- a/modules/insights/activity-log-alert/README.md +++ b/modules/insights/activity-log-alert/README.md @@ -339,7 +339,6 @@ The list of resource IDs that this Activity Log Alert is scoped to. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/insights/activity-log-alert/main.bicep b/modules/insights/activity-log-alert/main.bicep index b2abd44709..349e2184db 100644 --- a/modules/insights/activity-log-alert/main.bicep +++ b/modules/insights/activity-log-alert/main.bicep @@ -29,7 +29,7 @@ param conditions array param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/insights/activity-log-alert/main.json b/modules/insights/activity-log-alert/main.json index 011805c14a..e30e649b22 100644 --- a/modules/insights/activity-log-alert/main.json +++ b/modules/insights/activity-log-alert/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "16411085736743453279" + "templateHash": "11464845772829048576" }, "name": "Activity Log Alerts", "description": "This module deploys an Activity Log Alert.", @@ -138,7 +138,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/insights/component/README.md b/modules/insights/component/README.md index 166ce61b15..93f098019a 100644 --- a/modules/insights/component/README.md +++ b/modules/insights/component/README.md @@ -471,7 +471,6 @@ Percentage of the data produced by the application being monitored that is being Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `workspaceResourceId` diff --git a/modules/insights/component/main.bicep b/modules/insights/component/main.bicep index e3084ce4ad..5ca3a75e6b 100644 --- a/modules/insights/component/main.bicep +++ b/modules/insights/component/main.bicep @@ -58,7 +58,7 @@ param location string = resourceGroup().location param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/insights/component/main.json b/modules/insights/component/main.json index beb8c0e634..633108ee5b 100644 --- a/modules/insights/component/main.json +++ b/modules/insights/component/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "803183035503673320" + "templateHash": "15854449149260650767" }, "name": "Application Insights", "description": "This component deploys an Application Insights instance.", @@ -281,7 +281,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/insights/data-collection-endpoint/README.md b/modules/insights/data-collection-endpoint/README.md index 19f10616c4..5f791e34bd 100644 --- a/modules/insights/data-collection-endpoint/README.md +++ b/modules/insights/data-collection-endpoint/README.md @@ -328,7 +328,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Resource tags. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/insights/data-collection-endpoint/main.bicep b/modules/insights/data-collection-endpoint/main.bicep index 246b4d305a..6b3fa4325e 100644 --- a/modules/insights/data-collection-endpoint/main.bicep +++ b/modules/insights/data-collection-endpoint/main.bicep @@ -36,7 +36,7 @@ param roleAssignments roleAssignmentType param publicNetworkAccess string = 'Disabled' @description('Optional. Resource tags.') -param tags object = {} +param tags object? var builtInRoleNames = { Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') diff --git a/modules/insights/data-collection-endpoint/main.json b/modules/insights/data-collection-endpoint/main.json index 8696ca8b76..1b5d39bc42 100644 --- a/modules/insights/data-collection-endpoint/main.json +++ b/modules/insights/data-collection-endpoint/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "5064319070805092308" + "templateHash": "8921941475150538433" }, "name": "Data Collection Endpoints", "description": "This module deploys a Data Collection Endpoint.", @@ -162,7 +162,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } diff --git a/modules/insights/data-collection-rule/README.md b/modules/insights/data-collection-rule/README.md index 04dec0ae15..261e51782d 100644 --- a/modules/insights/data-collection-rule/README.md +++ b/modules/insights/data-collection-rule/README.md @@ -1671,7 +1671,6 @@ Declaration of custom streams used in this rule. Resource tags. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/insights/data-collection-rule/main.bicep b/modules/insights/data-collection-rule/main.bicep index ea8f7a0f0d..8e8be03130 100644 --- a/modules/insights/data-collection-rule/main.bicep +++ b/modules/insights/data-collection-rule/main.bicep @@ -47,7 +47,7 @@ param roleAssignments roleAssignmentType param streamDeclarations object = {} @sys.description('Optional. Resource tags.') -param tags object = {} +param tags object? // =============== // // Deployments // diff --git a/modules/insights/data-collection-rule/main.json b/modules/insights/data-collection-rule/main.json index 444a20be3f..09fd72cd0d 100644 --- a/modules/insights/data-collection-rule/main.json +++ b/modules/insights/data-collection-rule/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12929247318394653560" + "templateHash": "2029998281934386338" }, "name": "Data Collection Rules", "description": "This module deploys a Data Collection Rule.", @@ -190,7 +190,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } diff --git a/modules/insights/metric-alert/README.md b/modules/insights/metric-alert/README.md index d218665401..2ff2485b0e 100644 --- a/modules/insights/metric-alert/README.md +++ b/modules/insights/metric-alert/README.md @@ -344,7 +344,6 @@ The severity of the alert. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `targetResourceRegion` diff --git a/modules/insights/metric-alert/main.bicep b/modules/insights/metric-alert/main.bicep index 1c9c7fa2fc..992795ba50 100644 --- a/modules/insights/metric-alert/main.bicep +++ b/modules/insights/metric-alert/main.bicep @@ -79,7 +79,7 @@ param criterias array param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/insights/metric-alert/main.json b/modules/insights/metric-alert/main.json index 596264f7b2..afc031ec18 100644 --- a/modules/insights/metric-alert/main.json +++ b/modules/insights/metric-alert/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12768498740595616170" + "templateHash": "7986480211513146761" }, "name": "Metric Alerts", "description": "This module deploys a Metric Alert.", @@ -216,7 +216,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/insights/private-link-scope/README.md b/modules/insights/private-link-scope/README.md index 503da87cab..0f6c7ba546 100644 --- a/modules/insights/private-link-scope/README.md +++ b/modules/insights/private-link-scope/README.md @@ -512,7 +512,6 @@ Configuration details for Azure Monitor Resources. Resource tags. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/insights/private-link-scope/main.bicep b/modules/insights/private-link-scope/main.bicep index 5d9aa08e33..a21a5f25c8 100644 --- a/modules/insights/private-link-scope/main.bicep +++ b/modules/insights/private-link-scope/main.bicep @@ -22,7 +22,7 @@ param scopedResources array = [] param privateEndpoints privateEndpointType @description('Optional. Resource tags.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/insights/private-link-scope/main.json b/modules/insights/private-link-scope/main.json index f2fa8337c2..63675293c1 100644 --- a/modules/insights/private-link-scope/main.json +++ b/modules/insights/private-link-scope/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "9175020405944005574" + "templateHash": "10939592682328481507" }, "name": "Azure Monitor Private Link Scopes", "description": "This module deploys an Azure Monitor Private Link Scope.", @@ -296,7 +296,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } diff --git a/modules/insights/scheduled-query-rule/README.md b/modules/insights/scheduled-query-rule/README.md index c5a4ea3e0a..7a4003acd4 100644 --- a/modules/insights/scheduled-query-rule/README.md +++ b/modules/insights/scheduled-query-rule/README.md @@ -400,7 +400,6 @@ Mute actions for the chosen period of time (in ISO 8601 duration format) after t Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `targetResourceTypes` diff --git a/modules/insights/scheduled-query-rule/main.bicep b/modules/insights/scheduled-query-rule/main.bicep index 226ecce844..27e644b9bb 100644 --- a/modules/insights/scheduled-query-rule/main.bicep +++ b/modules/insights/scheduled-query-rule/main.bicep @@ -65,7 +65,7 @@ param criterias object param suppressForMinutes string = '' @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/insights/scheduled-query-rule/main.json b/modules/insights/scheduled-query-rule/main.json index bfaf29b63b..804da1fac7 100644 --- a/modules/insights/scheduled-query-rule/main.json +++ b/modules/insights/scheduled-query-rule/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12829815846590991969" + "templateHash": "3215598878486027169" }, "name": "Scheduled Query Rules", "description": "This module deploys a Scheduled Query Rule.", @@ -209,7 +209,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/key-vault/vault/README.md b/modules/key-vault/vault/README.md index f8759df26f..28af1e5341 100644 --- a/modules/key-vault/vault/README.md +++ b/modules/key-vault/vault/README.md @@ -1269,7 +1269,6 @@ softDelete data retention days. It accepts >=7 and <=90. Resource tags. - Required: No - Type: object -- Default: `{object}` ### Parameter: `vaultSku` diff --git a/modules/key-vault/vault/key/README.md b/modules/key-vault/vault/key/README.md index 1e576869c8..561700f223 100644 --- a/modules/key-vault/vault/key/README.md +++ b/modules/key-vault/vault/key/README.md @@ -198,7 +198,6 @@ Key rotation policy properties object. Resource tags. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/key-vault/vault/key/main.bicep b/modules/key-vault/vault/key/main.bicep index f506bd7937..762341e837 100644 --- a/modules/key-vault/vault/key/main.bicep +++ b/modules/key-vault/vault/key/main.bicep @@ -9,7 +9,7 @@ param keyVaultName string param name string @description('Optional. Resource tags.') -param tags object = {} +param tags object? @description('Optional. Determines whether the object is enabled.') param attributesEnabled bool = true diff --git a/modules/key-vault/vault/key/main.json b/modules/key-vault/vault/key/main.json index 9188cec34a..daadf7027b 100644 --- a/modules/key-vault/vault/key/main.json +++ b/modules/key-vault/vault/key/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15473816229466025012" + "templateHash": "2953672245031093442" }, "name": "Key Vault Keys", "description": "This module deploys a Key Vault Key.", @@ -95,7 +95,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } diff --git a/modules/key-vault/vault/main.bicep b/modules/key-vault/vault/main.bicep index 59a9e4b2d9..178a8067d7 100644 --- a/modules/key-vault/vault/main.bicep +++ b/modules/key-vault/vault/main.bicep @@ -77,7 +77,7 @@ param roleAssignments roleAssignmentType param privateEndpoints privateEndpointType @description('Optional. Resource tags.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true @@ -212,7 +212,7 @@ module keyVault_secrets 'secret/main.bicep' = [for (secret, index) in secretList attributesExp: contains(secret, 'attributesExp') ? secret.attributesExp : -1 attributesNbf: contains(secret, 'attributesNbf') ? secret.attributesNbf : -1 contentType: contains(secret, 'contentType') ? secret.contentType : '' - tags: contains(secret, 'tags') ? secret.tags : {} + tags: secret.?tags ?? tags roleAssignments: contains(secret, 'roleAssignments') ? secret.roleAssignments : [] enableDefaultTelemetry: enableReferencedModulesTelemetry } @@ -230,7 +230,7 @@ module keyVault_keys 'key/main.bicep' = [for (key, index) in keys: { keyOps: contains(key, 'keyOps') ? key.keyOps : [] keySize: contains(key, 'keySize') ? key.keySize : -1 kty: contains(key, 'kty') ? key.kty : 'EC' - tags: contains(key, 'tags') ? key.tags : {} + tags: key.?tags ?? tags roleAssignments: contains(key, 'roleAssignments') ? key.roleAssignments : [] enableDefaultTelemetry: enableReferencedModulesTelemetry rotationPolicy: contains(key, 'rotationPolicy') ? key.rotationPolicy : {} diff --git a/modules/key-vault/vault/main.json b/modules/key-vault/vault/main.json index 48077a0533..e36848e797 100644 --- a/modules/key-vault/vault/main.json +++ b/modules/key-vault/vault/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11050704115840799182" + "templateHash": "13347839852828986726" }, "name": "Key Vaults", "description": "This module deploys a Key Vault.", @@ -508,7 +508,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } @@ -802,7 +802,9 @@ "attributesExp": "[if(contains(variables('secretList')[copyIndex()], 'attributesExp'), createObject('value', variables('secretList')[copyIndex()].attributesExp), createObject('value', -1))]", "attributesNbf": "[if(contains(variables('secretList')[copyIndex()], 'attributesNbf'), createObject('value', variables('secretList')[copyIndex()].attributesNbf), createObject('value', -1))]", "contentType": "[if(contains(variables('secretList')[copyIndex()], 'contentType'), createObject('value', variables('secretList')[copyIndex()].contentType), createObject('value', ''))]", - "tags": "[if(contains(variables('secretList')[copyIndex()], 'tags'), createObject('value', variables('secretList')[copyIndex()].tags), createObject('value', createObject()))]", + "tags": { + "value": "[coalesce(tryGet(variables('secretList')[copyIndex()], 'tags'), parameters('tags'))]" + }, "roleAssignments": "[if(contains(variables('secretList')[copyIndex()], 'roleAssignments'), createObject('value', variables('secretList')[copyIndex()].roleAssignments), createObject('value', createArray()))]", "enableDefaultTelemetry": { "value": "[variables('enableReferencedModulesTelemetry')]" @@ -816,7 +818,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "829178043317702363" + "templateHash": "3223693327720603920" }, "name": "Key Vault Secrets", "description": "This module deploys a Key Vault Secret.", @@ -905,7 +907,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } @@ -1094,7 +1096,9 @@ "keyOps": "[if(contains(parameters('keys')[copyIndex()], 'keyOps'), createObject('value', parameters('keys')[copyIndex()].keyOps), createObject('value', createArray()))]", "keySize": "[if(contains(parameters('keys')[copyIndex()], 'keySize'), createObject('value', parameters('keys')[copyIndex()].keySize), createObject('value', -1))]", "kty": "[if(contains(parameters('keys')[copyIndex()], 'kty'), createObject('value', parameters('keys')[copyIndex()].kty), createObject('value', 'EC'))]", - "tags": "[if(contains(parameters('keys')[copyIndex()], 'tags'), createObject('value', parameters('keys')[copyIndex()].tags), createObject('value', createObject()))]", + "tags": { + "value": "[coalesce(tryGet(parameters('keys')[copyIndex()], 'tags'), parameters('tags'))]" + }, "roleAssignments": "[if(contains(parameters('keys')[copyIndex()], 'roleAssignments'), createObject('value', parameters('keys')[copyIndex()].roleAssignments), createObject('value', createArray()))]", "enableDefaultTelemetry": { "value": "[variables('enableReferencedModulesTelemetry')]" @@ -1109,7 +1113,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15473816229466025012" + "templateHash": "2953672245031093442" }, "name": "Key Vault Keys", "description": "This module deploys a Key Vault Key.", @@ -1198,7 +1202,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } diff --git a/modules/key-vault/vault/secret/README.md b/modules/key-vault/vault/secret/README.md index 46608a5240..93ae0de35b 100644 --- a/modules/key-vault/vault/secret/README.md +++ b/modules/key-vault/vault/secret/README.md @@ -163,7 +163,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Resource tags. - Required: No - Type: object -- Default: `{object}` ### Parameter: `value` diff --git a/modules/key-vault/vault/secret/main.bicep b/modules/key-vault/vault/secret/main.bicep index e20b690b6f..a8c2c954d7 100644 --- a/modules/key-vault/vault/secret/main.bicep +++ b/modules/key-vault/vault/secret/main.bicep @@ -9,7 +9,7 @@ param keyVaultName string param name string @description('Optional. Resource tags.') -param tags object = {} +param tags object? @description('Optional. Determines whether the object is enabled.') param attributesEnabled bool = true diff --git a/modules/key-vault/vault/secret/main.json b/modules/key-vault/vault/secret/main.json index 18a714a470..58bf08f760 100644 --- a/modules/key-vault/vault/secret/main.json +++ b/modules/key-vault/vault/secret/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "829178043317702363" + "templateHash": "3223693327720603920" }, "name": "Key Vault Secrets", "description": "This module deploys a Key Vault Secret.", @@ -95,7 +95,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } diff --git a/modules/logic/workflow/README.md b/modules/logic/workflow/README.md index c1fd8389ad..f1190e77fd 100644 --- a/modules/logic/workflow/README.md +++ b/modules/logic/workflow/README.md @@ -571,7 +571,6 @@ The state. - NotSpecified, Completed, Enabled, Disabled, Deleted, Suspended. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `triggersAccessControlConfiguration` diff --git a/modules/logic/workflow/main.bicep b/modules/logic/workflow/main.bicep index 42d7ede88b..825fc736ca 100644 --- a/modules/logic/workflow/main.bicep +++ b/modules/logic/workflow/main.bicep @@ -53,7 +53,7 @@ param roleAssignments roleAssignmentType param state string = 'Enabled' @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. The access control configuration for invoking workflow triggers.') param triggersAccessControlConfiguration object = {} diff --git a/modules/logic/workflow/main.json b/modules/logic/workflow/main.json index fe4b5ccdc9..da07232a4d 100644 --- a/modules/logic/workflow/main.json +++ b/modules/logic/workflow/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "16480420514715732092" + "templateHash": "14033195005173426271" }, "name": "Logic Apps (Workflows)", "description": "This module deploys a Logic App (Workflow).", @@ -338,7 +338,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/machine-learning-services/workspace/README.md b/modules/machine-learning-services/workspace/README.md index 7432a94b53..e5915c0e53 100644 --- a/modules/machine-learning-services/workspace/README.md +++ b/modules/machine-learning-services/workspace/README.md @@ -1098,7 +1098,6 @@ Specifies the SKU, also referred as 'edition' of the Azure Machine Learning work Resource tags. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/machine-learning-services/workspace/compute/README.md b/modules/machine-learning-services/workspace/compute/README.md index 0e8ebdd101..6970b0eab7 100644 --- a/modules/machine-learning-services/workspace/compute/README.md +++ b/modules/machine-learning-services/workspace/compute/README.md @@ -162,7 +162,6 @@ Specifies the sku, also referred as "edition". Required for creating a compute r Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/machine-learning-services/workspace/compute/main.bicep b/modules/machine-learning-services/workspace/compute/main.bicep index c71f7bc3a0..cb38e22d3e 100644 --- a/modules/machine-learning-services/workspace/compute/main.bicep +++ b/modules/machine-learning-services/workspace/compute/main.bicep @@ -30,7 +30,7 @@ param location string = resourceGroup().location param sku string = '' @sys.description('Optional. Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID.') -param tags object = {} +param tags object? @sys.description('Optional. Flag to specify whether to deploy the compute. Required only for attach (i.e. providing a resource ID), as in this case the operation is not idempotent, i.e. a second deployment will fail. Therefore, this flag needs to be set to "false" as long as the compute resource exists.') param deployCompute bool = true diff --git a/modules/machine-learning-services/workspace/compute/main.json b/modules/machine-learning-services/workspace/compute/main.json index c99c3b896e..6926b95f8a 100644 --- a/modules/machine-learning-services/workspace/compute/main.json +++ b/modules/machine-learning-services/workspace/compute/main.json @@ -75,7 +75,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID." } @@ -231,4 +231,4 @@ "value": "[reference('machineLearningWorkspaceCompute', '2022-10-01', 'full').location]" } } -} \ No newline at end of file +} diff --git a/modules/machine-learning-services/workspace/main.bicep b/modules/machine-learning-services/workspace/main.bicep index b8595ee7a5..59ba8665c4 100644 --- a/modules/machine-learning-services/workspace/main.bicep +++ b/modules/machine-learning-services/workspace/main.bicep @@ -51,7 +51,7 @@ param privateEndpoints privateEndpointType param computes array = [] @sys.description('Optional. Resource tags.') -param tags object = {} +param tags object? @sys.description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/machine-learning-services/workspace/main.json b/modules/machine-learning-services/workspace/main.json index e136bfc925..237cec9f6b 100644 --- a/modules/machine-learning-services/workspace/main.json +++ b/modules/machine-learning-services/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3846104626867448215" + "templateHash": "1113315079349561542" }, "name": "Machine Learning Services Workspaces", "description": "This module deploys a Machine Learning Services Workspace.", @@ -474,7 +474,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } @@ -773,7 +773,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12092776287732059217" + "templateHash": "4219662265444129565" }, "name": "Machine Learning Services Workspaces Computes", "description": "This module deploys a Machine Learning Services Workspaces Compute.\r\n\r\nAttaching a compute is not idempotent and will fail in case you try to redeploy over an existing compute in AML (see parameter `deployCompute`).", @@ -842,7 +842,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID." } diff --git a/modules/maintenance/maintenance-configuration/README.md b/modules/maintenance/maintenance-configuration/README.md index c30dd213ec..66a31f66ed 100644 --- a/modules/maintenance/maintenance-configuration/README.md +++ b/modules/maintenance/maintenance-configuration/README.md @@ -410,7 +410,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Gets or sets tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `visibility` diff --git a/modules/maintenance/maintenance-configuration/main.bicep b/modules/maintenance/maintenance-configuration/main.bicep index 7d90624ab9..e7e84e9106 100644 --- a/modules/maintenance/maintenance-configuration/main.bicep +++ b/modules/maintenance/maintenance-configuration/main.bicep @@ -42,7 +42,7 @@ param namespace string = '' param roleAssignments roleAssignmentType @description('Optional. Gets or sets tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Gets or sets the visibility of the configuration. The default value is \'Custom\'.') @allowed([ diff --git a/modules/maintenance/maintenance-configuration/main.json b/modules/maintenance/maintenance-configuration/main.json index 33019922ee..4dc124f346 100644 --- a/modules/maintenance/maintenance-configuration/main.json +++ b/modules/maintenance/maintenance-configuration/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "8241237134482664102" + "templateHash": "14384863342174130916" }, "name": "Maintenance Configurations", "description": "This module deploys a Maintenance Configuration.", @@ -176,7 +176,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Gets or sets tags of the resource." } diff --git a/modules/managed-identity/user-assigned-identity/README.md b/modules/managed-identity/user-assigned-identity/README.md index 1779464ca7..c2fdf977aa 100644 --- a/modules/managed-identity/user-assigned-identity/README.md +++ b/modules/managed-identity/user-assigned-identity/README.md @@ -317,7 +317,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags of the resource. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/managed-identity/user-assigned-identity/main.bicep b/modules/managed-identity/user-assigned-identity/main.bicep index 1b1a737132..16903d6423 100644 --- a/modules/managed-identity/user-assigned-identity/main.bicep +++ b/modules/managed-identity/user-assigned-identity/main.bicep @@ -18,7 +18,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/managed-identity/user-assigned-identity/main.json b/modules/managed-identity/user-assigned-identity/main.json index 590f927f11..4e8baa2ed8 100644 --- a/modules/managed-identity/user-assigned-identity/main.json +++ b/modules/managed-identity/user-assigned-identity/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10195612761440584932" + "templateHash": "1438876956443234621" }, "name": "User Assigned Identities", "description": "This module deploys a User Assigned Identity.", @@ -141,7 +141,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/net-app/net-app-account/README.md b/modules/net-app/net-app-account/README.md index 38a316bf45..5eeb4f4871 100644 --- a/modules/net-app/net-app-account/README.md +++ b/modules/net-app/net-app-account/README.md @@ -750,7 +750,6 @@ Required if domainName is specified. NetBIOS name of the SMB server. A computer Tags for all resources. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/net-app/net-app-account/capacity-pool/README.md b/modules/net-app/net-app-account/capacity-pool/README.md index f69ec8cc8c..bdeec9f849 100644 --- a/modules/net-app/net-app-account/capacity-pool/README.md +++ b/modules/net-app/net-app-account/capacity-pool/README.md @@ -182,7 +182,6 @@ Provisioned size of the pool (in bytes). Allowed values are in 4TiB chunks (valu Tags for all resources. - Required: No - Type: object -- Default: `{object}` ### Parameter: `volumes` diff --git a/modules/net-app/net-app-account/capacity-pool/main.bicep b/modules/net-app/net-app-account/capacity-pool/main.bicep index c2b88a88d3..8b1910526a 100644 --- a/modules/net-app/net-app-account/capacity-pool/main.bicep +++ b/modules/net-app/net-app-account/capacity-pool/main.bicep @@ -12,7 +12,7 @@ param name string param location string = resourceGroup().location @description('Optional. Tags for all resources.') -param tags object = {} +param tags object? @description('Optional. The pool service level.') @allowed([ diff --git a/modules/net-app/net-app-account/capacity-pool/main.json b/modules/net-app/net-app-account/capacity-pool/main.json index 31a073b294..0582a97c81 100644 --- a/modules/net-app/net-app-account/capacity-pool/main.json +++ b/modules/net-app/net-app-account/capacity-pool/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14242430981421830183" + "templateHash": "5973731463189380166" }, "name": "Azure NetApp Files Capacity Pools", "description": "This module deploys an Azure NetApp Files Capacity Pool.", @@ -102,7 +102,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags for all resources." } diff --git a/modules/net-app/net-app-account/main.bicep b/modules/net-app/net-app-account/main.bicep index ffd5558bf5..4017285445 100644 --- a/modules/net-app/net-app-account/main.bicep +++ b/modules/net-app/net-app-account/main.bicep @@ -40,7 +40,7 @@ param location string = resourceGroup().location param lock lockType @description('Optional. Tags for all resources.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true @@ -131,7 +131,7 @@ module netAppAccount_capacityPools 'capacity-pool/main.bicep' = [for (capacityPo coolAccess: contains(capacityPool, 'coolAccess') ? capacityPool.coolAccess : false roleAssignments: contains(capacityPool, 'roleAssignments') ? capacityPool.roleAssignments : [] encryptionType: contains(capacityPool, 'encryptionType') ? capacityPool.encryptionType : 'Single' - tags: contains(capacityPool, 'tags') ? capacityPool.tags : {} + tags: capacityPool.?tags ?? tags enableDefaultTelemetry: enableReferencedModulesTelemetry } }] diff --git a/modules/net-app/net-app-account/main.json b/modules/net-app/net-app-account/main.json index bba591714a..d6885dabd4 100644 --- a/modules/net-app/net-app-account/main.json +++ b/modules/net-app/net-app-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "17236803464512744934" + "templateHash": "11827894918755245507" }, "name": "Azure NetApp Files", "description": "This module deploys an Azure NetApp File.", @@ -203,7 +203,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags for all resources." } @@ -332,7 +332,9 @@ "coolAccess": "[if(contains(parameters('capacityPools')[copyIndex()], 'coolAccess'), createObject('value', parameters('capacityPools')[copyIndex()].coolAccess), createObject('value', false()))]", "roleAssignments": "[if(contains(parameters('capacityPools')[copyIndex()], 'roleAssignments'), createObject('value', parameters('capacityPools')[copyIndex()].roleAssignments), createObject('value', createArray()))]", "encryptionType": "[if(contains(parameters('capacityPools')[copyIndex()], 'encryptionType'), createObject('value', parameters('capacityPools')[copyIndex()].encryptionType), createObject('value', 'Single'))]", - "tags": "[if(contains(parameters('capacityPools')[copyIndex()], 'tags'), createObject('value', parameters('capacityPools')[copyIndex()].tags), createObject('value', createObject()))]", + "tags": { + "value": "[coalesce(tryGet(parameters('capacityPools')[copyIndex()], 'tags'), parameters('tags'))]" + }, "enableDefaultTelemetry": { "value": "[variables('enableReferencedModulesTelemetry')]" } @@ -345,7 +347,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14242430981421830183" + "templateHash": "5973731463189380166" }, "name": "Azure NetApp Files Capacity Pools", "description": "This module deploys an Azure NetApp Files Capacity Pool.", @@ -441,7 +443,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags for all resources." } diff --git a/modules/network/application-gateway-web-application-firewall-policy/README.md b/modules/network/application-gateway-web-application-firewall-policy/README.md index 97b54c1336..368139a3d1 100644 --- a/modules/network/application-gateway-web-application-firewall-policy/README.md +++ b/modules/network/application-gateway-web-application-firewall-policy/README.md @@ -194,7 +194,6 @@ The PolicySettings for policy. Resource tags. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/application-gateway-web-application-firewall-policy/main.bicep b/modules/network/application-gateway-web-application-firewall-policy/main.bicep index d1592bfe16..d59777c07c 100644 --- a/modules/network/application-gateway-web-application-firewall-policy/main.bicep +++ b/modules/network/application-gateway-web-application-firewall-policy/main.bicep @@ -9,7 +9,7 @@ param name string param location string = resourceGroup().location @description('Optional. Resource tags.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/application-gateway-web-application-firewall-policy/main.json b/modules/network/application-gateway-web-application-firewall-policy/main.json index 9c0a3caeb5..160f4e7b60 100644 --- a/modules/network/application-gateway-web-application-firewall-policy/main.json +++ b/modules/network/application-gateway-web-application-firewall-policy/main.json @@ -1,11 +1,12 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1301728261383253712" + "templateHash": "5940192377706231381" }, "name": "Application Gateway Web Application Firewall (WAF) Policies", "description": "This module deploys an Application Gateway Web Application Firewall (WAF) Policy.", @@ -27,7 +28,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } @@ -61,8 +62,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -76,7 +77,7 @@ } } }, - { + "applicationGatewayWAFPolicy": { "type": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies", "apiVersion": "2022-11-01", "name": "[parameters('name')]", @@ -88,7 +89,7 @@ "policySettings": "[parameters('policySettings')]" } } - ], + }, "outputs": { "name": { "type": "string", @@ -116,7 +117,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies', parameters('name')), '2022-11-01', 'full').location]" + "value": "[reference('applicationGatewayWAFPolicy', '2022-11-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/application-gateway/README.md b/modules/network/application-gateway/README.md index 88340aa660..920ca3d003 100644 --- a/modules/network/application-gateway/README.md +++ b/modules/network/application-gateway/README.md @@ -1674,7 +1674,6 @@ SSL profiles of the application gateway resource. Resource tags. - Required: No - Type: object -- Default: `{object}` ### Parameter: `trustedClientCertificates` diff --git a/modules/network/application-gateway/main.bicep b/modules/network/application-gateway/main.bicep index 32ab52f5e2..1eb87c7cb8 100644 --- a/modules/network/application-gateway/main.bicep +++ b/modules/network/application-gateway/main.bicep @@ -199,7 +199,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Resource tags.') -param tags object = {} +param tags object? @description('Optional. Backend settings of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits).') param backendSettingsCollection array = [] diff --git a/modules/network/application-gateway/main.json b/modules/network/application-gateway/main.json index 60170cfa02..6fbae8639c 100644 --- a/modules/network/application-gateway/main.json +++ b/modules/network/application-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "9820071049711446778" + "templateHash": "11405752898435177586" }, "name": "Network Application Gateways", "description": "This module deploys a Network Application Gateway.", @@ -722,7 +722,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } diff --git a/modules/network/application-security-group/README.md b/modules/network/application-security-group/README.md index 8dc312de2b..ad28b030eb 100644 --- a/modules/network/application-security-group/README.md +++ b/modules/network/application-security-group/README.md @@ -253,7 +253,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags of the resource. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/application-security-group/main.bicep b/modules/network/application-security-group/main.bicep index 45732a77c4..3a60c91a26 100644 --- a/modules/network/application-security-group/main.bicep +++ b/modules/network/application-security-group/main.bicep @@ -15,7 +15,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/application-security-group/main.json b/modules/network/application-security-group/main.json index a8c2e42829..f6b82ac527 100644 --- a/modules/network/application-security-group/main.json +++ b/modules/network/application-security-group/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1514656226322598076" + "templateHash": "5654528138086993351" }, "name": "Application Security Groups (ASG)", "description": "This module deploys an Application Security Group (ASG).", @@ -133,7 +133,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/azure-firewall/README.md b/modules/network/azure-firewall/README.md index 8254d064ea..cda3fedb91 100644 --- a/modules/network/azure-firewall/README.md +++ b/modules/network/azure-firewall/README.md @@ -774,14 +774,13 @@ module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { | [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`firewallPolicyId`](#parameter-firewallpolicyid) | string | Resource ID of the Firewall Policy that should be attached. | -| [`isCreateDefaultPublicIP`](#parameter-iscreatedefaultpublicip) | bool | Specifies if a Public IP should be created by default if one is not provided. | | [`location`](#parameter-location) | string | Location for all resources. | | [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managementIPAddressObject`](#parameter-managementipaddressobject) | object | Specifies the properties of the Management Public IP to create and be used by Azure Firewall. If it's not provided and managementIPResourceID is empty, a '-mip' suffix will be appended to the Firewall's name. | | [`managementIPResourceID`](#parameter-managementipresourceid) | string | The Management Public IP resource ID to associate to the AzureFirewallManagementSubnet. If empty, then the Management Public IP that is created as part of this module will be applied to the AzureFirewallManagementSubnet. | | [`natRuleCollections`](#parameter-natrulecollections) | array | Collection of NAT rule collections used by Azure Firewall. | | [`networkRuleCollections`](#parameter-networkrulecollections) | array | Collection of network rule collections used by Azure Firewall. | -| [`publicIPAddressObject`](#parameter-publicipaddressobject) | object | Specifies the properties of the Public IP to create and be used by Azure Firewall. If it's not provided and publicIPResourceID is empty, a '-pip' suffix will be appended to the Firewall's name. | +| [`publicIPAddressObject`](#parameter-publicipaddressobject) | object | Specifies the properties of the Public IP to create and be used by the Firewall, if no existing public IP was provided. | | [`publicIPResourceID`](#parameter-publicipresourceid) | string | The Public IP resource ID to associate to the AzureFirewallSubnet. If empty, then the Public IP that is created as part of this module will be applied to the AzureFirewallSubnet. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the Azure Firewall resource. | @@ -946,13 +945,6 @@ IP addresses associated with AzureFirewall. Required if `virtualHubId` is suppli - Type: object - Default: `{object}` -### Parameter: `isCreateDefaultPublicIP` - -Specifies if a Public IP should be created by default if one is not provided. -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `location` Location for all resources. @@ -1023,7 +1015,7 @@ Collection of network rule collections used by Azure Firewall. ### Parameter: `publicIPAddressObject` -Specifies the properties of the Public IP to create and be used by Azure Firewall. If it's not provided and publicIPResourceID is empty, a '-pip' suffix will be appended to the Firewall's name. +Specifies the properties of the Public IP to create and be used by the Firewall, if no existing public IP was provided. - Required: No - Type: object - Default: `{object}` @@ -1108,7 +1100,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags of the Azure Firewall resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `threatIntelMode` diff --git a/modules/network/azure-firewall/main.bicep b/modules/network/azure-firewall/main.bicep index 2f019d752e..972abf72ac 100644 --- a/modules/network/azure-firewall/main.bicep +++ b/modules/network/azure-firewall/main.bicep @@ -22,11 +22,10 @@ param publicIPResourceID string = '' @description('Optional. This is to add any additional Public IP configurations on top of the Public IP with subnet IP configuration.') param additionalPublicIpConfigurations array = [] -@description('Optional. Specifies if a Public IP should be created by default if one is not provided.') -param isCreateDefaultPublicIP bool = true - -@description('Optional. Specifies the properties of the Public IP to create and be used by Azure Firewall. If it\'s not provided and publicIPResourceID is empty, a \'-pip\' suffix will be appended to the Firewall\'s name.') -param publicIPAddressObject object = {} +@description('Optional. Specifies the properties of the Public IP to create and be used by the Firewall, if no existing public IP was provided.') +param publicIPAddressObject object = { + name: '${name}-pip' +} @description('Optional. The Management Public IP resource ID to associate to the AzureFirewallManagementSubnet. If empty, then the Management Public IP that is created as part of this module will be applied to the AzureFirewallManagementSubnet.') param managementIPResourceID string = '' @@ -80,7 +79,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the Azure Firewall resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true @@ -93,7 +92,7 @@ var isCreateDefaultManagementIP = empty(managementIPResourceID) && requiresManag // Prep ipConfigurations object AzureFirewallSubnet for different uses cases: // 1. Use existing Public IP // 2. Use new Public IP created in this module -// 3. Do not use a Public IP if isCreateDefaultPublicIP is false +// 3. Do not use a Public IP if publicIPAddressObject is empty var additionalPublicIpConfigurationsVar = [for ipConfiguration in additionalPublicIpConfigurations: { name: ipConfiguration.name @@ -103,26 +102,19 @@ var additionalPublicIpConfigurationsVar = [for ipConfiguration in additionalPubl } : null } }] -var subnetVar = { - subnet: { - id: '${vNetId}/subnets/AzureFirewallSubnet' // The subnet name must be AzureFirewallSubnet - } -} -var existingPip = { - publicIPAddress: { - id: publicIPResourceID - } -} -var newPip = { - publicIPAddress: (empty(publicIPResourceID) && isCreateDefaultPublicIP) ? { - id: publicIPAddress.outputs.resourceId - } : null -} var ipConfigurations = concat([ { name: !empty(publicIPResourceID) ? last(split(publicIPResourceID, '/')) : publicIPAddress.outputs.name - //Use existing Public IP, new Public IP created in this module, or none if isCreateDefaultPublicIP is false - properties: union(subnetVar, !empty(publicIPResourceID) ? existingPip : {}, (isCreateDefaultPublicIP ? newPip : {})) + properties: union({ + subnet: { + id: '${vNetId}/subnets/AzureFirewallSubnet' // The subnet name must be AzureFirewallSubnet + } + }, (!empty(publicIPResourceID) || !empty(publicIPAddressObject)) ? { + //Use existing Public IP, new Public IP created in this module, or none if neither + publicIPAddress: { + id: !empty(publicIPResourceID) ? publicIPResourceID : publicIPAddress.outputs.resourceId + } + } : {}) } ], additionalPublicIpConfigurationsVar) @@ -131,25 +123,18 @@ var ipConfigurations = concat([ // 1. Use existing Management Public IP // 2. Use new Management Public IP created in this module -var managementSubnetVar = { - subnet: { - id: '${vNetId}/subnets/AzureFirewallManagementSubnet' // The subnet name must be AzureFirewallManagementSubnet for a 'Basic' SKU tier firewall - } -} -var existingMip = { - publicIPAddress: { - id: managementIPResourceID - } -} -var newMip = { - publicIPAddress: empty(managementIPResourceID) && isCreateDefaultManagementIP ? { - id: managementIPAddress.outputs.resourceId - } : null -} var managementIPConfiguration = { name: !empty(managementIPResourceID) ? last(split(managementIPResourceID, '/')) : managementIPAddress.outputs.name - //Use existing Management Public IP, new Management Public IP created in this module, or none if isCreateDefaultManagementIP is false - properties: union(managementSubnetVar, !empty(managementIPResourceID) ? existingMip : {}, (isCreateDefaultManagementIP ? newMip : {})) + properties: union({ + subnet: { + id: '${vNetId}/subnets/AzureFirewallManagementSubnet' // The subnet name must be AzureFirewallManagementSubnet for a 'Basic' SKU tier firewall + } + }, (!empty(publicIPResourceID) || !empty(managementIPAddressObject)) ? { + // Use existing Management Public IP, new Management Public IP created in this module, or none if neither + publicIPAddress: { + id: !empty(managementIPResourceID) ? managementIPResourceID : managementIPAddress.outputs.resourceId + } + } : {}) } // ---------------------------------------------------------------------------- @@ -176,11 +161,10 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -// create a Public IP address if one is not provided and the flag is true -module publicIPAddress '../../network/public-ip-address/main.bicep' = if (empty(publicIPResourceID) && isCreateDefaultPublicIP && azureSkuName == 'AZFW_VNet') { +module publicIPAddress '../../network/public-ip-address/main.bicep' = if (empty(publicIPResourceID) && azureSkuName == 'AZFW_VNet') { name: '${uniqueString(deployment().name, location)}-Firewall-PIP' params: { - name: contains(publicIPAddressObject, 'name') ? (!(empty(publicIPAddressObject.name)) ? publicIPAddressObject.name : '${name}-pip') : '${name}-pip' + name: publicIPAddressObject.name publicIPPrefixResourceId: contains(publicIPAddressObject, 'publicIPPrefixResourceId') ? (!(empty(publicIPAddressObject.publicIPPrefixResourceId)) ? publicIPAddressObject.publicIPPrefixResourceId : '') : '' publicIPAllocationMethod: contains(publicIPAddressObject, 'publicIPAllocationMethod') ? (!(empty(publicIPAddressObject.publicIPAllocationMethod)) ? publicIPAddressObject.publicIPAllocationMethod : 'Static') : 'Static' skuName: contains(publicIPAddressObject, 'skuName') ? (!(empty(publicIPAddressObject.skuName)) ? publicIPAddressObject.skuName : 'Standard') : 'Standard' @@ -189,14 +173,14 @@ module publicIPAddress '../../network/public-ip-address/main.bicep' = if (empty( diagnosticSettings: publicIPAddressObject.?diagnosticSettings location: location lock: lock - tags: tags + tags: publicIPAddressObject.?tags ?? tags zones: zones enableDefaultTelemetry: enableReferencedModulesTelemetry } } // create a Management Public IP address if one is not provided and the flag is true -module managementIPAddress '../../network/public-ip-address/main.bicep' = if (empty(managementIPResourceID) && isCreateDefaultManagementIP && azureSkuName == 'AZFW_VNet') { +module managementIPAddress '../../network/public-ip-address/main.bicep' = if (isCreateDefaultManagementIP && azureSkuName == 'AZFW_VNet') { name: '${uniqueString(deployment().name, location)}-Firewall-MIP' params: { name: contains(managementIPAddressObject, 'name') ? (!(empty(managementIPAddressObject.name)) ? managementIPAddressObject.name : '${name}-mip') : '${name}-mip' @@ -207,7 +191,7 @@ module managementIPAddress '../../network/public-ip-address/main.bicep' = if (em roleAssignments: contains(managementIPAddressObject, 'roleAssignments') ? (!empty(managementIPAddressObject.roleAssignments) ? managementIPAddressObject.roleAssignments : []) : [] diagnosticSettings: managementIPAddressObject.?diagnosticSettings location: location - tags: tags + tags: managementIPAddressObject.?tags ?? tags zones: zones enableDefaultTelemetry: enableReferencedModulesTelemetry } @@ -245,10 +229,6 @@ resource azureFirewall 'Microsoft.Network/azureFirewalls@2023-04-01' = { id: virtualHubId } : null } - dependsOn: [ - publicIPAddress - managementIPAddress - ] } resource azureFirewall_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { diff --git a/modules/network/azure-firewall/main.json b/modules/network/azure-firewall/main.json index aecc1a207e..786b73a652 100644 --- a/modules/network/azure-firewall/main.json +++ b/modules/network/azure-firewall/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1602793414373969673" + "templateHash": "3800476164049795980" }, "name": "Azure Firewalls", "description": "This module deploys an Azure Firewall.", @@ -251,18 +251,13 @@ "description": "Optional. This is to add any additional Public IP configurations on top of the Public IP with subnet IP configuration." } }, - "isCreateDefaultPublicIP": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Specifies if a Public IP should be created by default if one is not provided." - } - }, "publicIPAddressObject": { "type": "object", - "defaultValue": {}, + "defaultValue": { + "name": "[format('{0}-pip', parameters('name'))]" + }, "metadata": { - "description": "Optional. Specifies the properties of the Public IP to create and be used by Azure Firewall. If it's not provided and publicIPResourceID is empty, a '-pip' suffix will be appended to the Firewall's name." + "description": "Optional. Specifies the properties of the Public IP to create and be used by the Firewall, if no existing public IP was provided." } }, "managementIPResourceID": { @@ -371,7 +366,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the Azure Firewall resource." } @@ -400,26 +395,6 @@ "azureSkuName": "[if(empty(parameters('vNetId')), 'AZFW_Hub', 'AZFW_VNet')]", "requiresManagementIp": "[if(equals(parameters('azureSkuTier'), 'Basic'), true(), false())]", "isCreateDefaultManagementIP": "[and(empty(parameters('managementIPResourceID')), variables('requiresManagementIp'))]", - "subnetVar": { - "subnet": { - "id": "[format('{0}/subnets/AzureFirewallSubnet', parameters('vNetId'))]" - } - }, - "existingPip": { - "publicIPAddress": { - "id": "[parameters('publicIPResourceID')]" - } - }, - "managementSubnetVar": { - "subnet": { - "id": "[format('{0}/subnets/AzureFirewallManagementSubnet', parameters('vNetId'))]" - } - }, - "existingMip": { - "publicIPAddress": { - "id": "[parameters('managementIPResourceID')]" - } - }, "enableReferencedModulesTelemetry": false, "builtInRoleNames": { "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", @@ -451,7 +426,7 @@ "location": "[parameters('location')]", "zones": "[if(equals(length(parameters('zones')), 0), null(), parameters('zones'))]", "tags": "[parameters('tags')]", - "properties": "[if(equals(variables('azureSkuName'), 'AZFW_VNet'), createObject('threatIntelMode', parameters('threatIntelMode'), 'firewallPolicy', if(not(empty(parameters('firewallPolicyId'))), createObject('id', parameters('firewallPolicyId')), null()), 'ipConfigurations', concat(createArray(createObject('name', if(not(empty(parameters('publicIPResourceID'))), last(split(parameters('publicIPResourceID'), '/')), reference('publicIPAddress').outputs.name.value), 'properties', union(variables('subnetVar'), if(not(empty(parameters('publicIPResourceID'))), variables('existingPip'), createObject()), if(parameters('isCreateDefaultPublicIP'), createObject('publicIPAddress', if(and(empty(parameters('publicIPResourceID')), parameters('isCreateDefaultPublicIP')), createObject('id', reference('publicIPAddress').outputs.resourceId.value), null())), createObject())))), variables('additionalPublicIpConfigurationsVar')), 'managementIpConfiguration', if(variables('requiresManagementIp'), createObject('name', if(not(empty(parameters('managementIPResourceID'))), last(split(parameters('managementIPResourceID'), '/')), reference('managementIPAddress').outputs.name.value), 'properties', union(variables('managementSubnetVar'), if(not(empty(parameters('managementIPResourceID'))), variables('existingMip'), createObject()), if(variables('isCreateDefaultManagementIP'), createObject('publicIPAddress', if(and(empty(parameters('managementIPResourceID')), variables('isCreateDefaultManagementIP')), createObject('id', reference('managementIPAddress').outputs.resourceId.value), null())), createObject()))), null()), 'sku', createObject('name', variables('azureSkuName'), 'tier', parameters('azureSkuTier')), 'applicationRuleCollections', parameters('applicationRuleCollections'), 'natRuleCollections', parameters('natRuleCollections'), 'networkRuleCollections', parameters('networkRuleCollections')), createObject('firewallPolicy', if(not(empty(parameters('firewallPolicyId'))), createObject('id', parameters('firewallPolicyId')), null()), 'sku', createObject('name', variables('azureSkuName'), 'tier', parameters('azureSkuTier')), 'hubIPAddresses', if(not(empty(parameters('hubIPAddresses'))), parameters('hubIPAddresses'), null()), 'virtualHub', if(not(empty(parameters('virtualHubId'))), createObject('id', parameters('virtualHubId')), null())))]", + "properties": "[if(equals(variables('azureSkuName'), 'AZFW_VNet'), createObject('threatIntelMode', parameters('threatIntelMode'), 'firewallPolicy', if(not(empty(parameters('firewallPolicyId'))), createObject('id', parameters('firewallPolicyId')), null()), 'ipConfigurations', concat(createArray(createObject('name', if(not(empty(parameters('publicIPResourceID'))), last(split(parameters('publicIPResourceID'), '/')), reference('publicIPAddress').outputs.name.value), 'properties', union(createObject('subnet', createObject('id', format('{0}/subnets/AzureFirewallSubnet', parameters('vNetId')))), if(or(not(empty(parameters('publicIPResourceID'))), not(empty(parameters('publicIPAddressObject')))), createObject('publicIPAddress', createObject('id', if(not(empty(parameters('publicIPResourceID'))), parameters('publicIPResourceID'), reference('publicIPAddress').outputs.resourceId.value))), createObject())))), variables('additionalPublicIpConfigurationsVar')), 'managementIpConfiguration', if(variables('requiresManagementIp'), createObject('name', if(not(empty(parameters('managementIPResourceID'))), last(split(parameters('managementIPResourceID'), '/')), reference('managementIPAddress').outputs.name.value), 'properties', union(createObject('subnet', createObject('id', format('{0}/subnets/AzureFirewallManagementSubnet', parameters('vNetId')))), if(or(not(empty(parameters('publicIPResourceID'))), not(empty(parameters('managementIPAddressObject')))), createObject('publicIPAddress', createObject('id', if(not(empty(parameters('managementIPResourceID'))), parameters('managementIPResourceID'), reference('managementIPAddress').outputs.resourceId.value))), createObject()))), null()), 'sku', createObject('name', variables('azureSkuName'), 'tier', parameters('azureSkuTier')), 'applicationRuleCollections', parameters('applicationRuleCollections'), 'natRuleCollections', parameters('natRuleCollections'), 'networkRuleCollections', parameters('networkRuleCollections')), createObject('firewallPolicy', if(not(empty(parameters('firewallPolicyId'))), createObject('id', parameters('firewallPolicyId')), null()), 'sku', createObject('name', variables('azureSkuName'), 'tier', parameters('azureSkuTier')), 'hubIPAddresses', if(not(empty(parameters('hubIPAddresses'))), parameters('hubIPAddresses'), null()), 'virtualHub', if(not(empty(parameters('virtualHubId'))), createObject('id', parameters('virtualHubId')), null())))]", "dependsOn": [ "managementIPAddress", "publicIPAddress" @@ -517,7 +492,7 @@ ] }, "publicIPAddress": { - "condition": "[and(and(empty(parameters('publicIPResourceID')), parameters('isCreateDefaultPublicIP')), equals(variables('azureSkuName'), 'AZFW_VNet'))]", + "condition": "[and(empty(parameters('publicIPResourceID')), equals(variables('azureSkuName'), 'AZFW_VNet'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-Firewall-PIP', uniqueString(deployment().name, parameters('location')))]", @@ -527,7 +502,9 @@ }, "mode": "Incremental", "parameters": { - "name": "[if(contains(parameters('publicIPAddressObject'), 'name'), if(not(empty(parameters('publicIPAddressObject').name)), createObject('value', parameters('publicIPAddressObject').name), createObject('value', format('{0}-pip', parameters('name')))), createObject('value', format('{0}-pip', parameters('name'))))]", + "name": { + "value": "[parameters('publicIPAddressObject').name]" + }, "publicIPPrefixResourceId": "[if(contains(parameters('publicIPAddressObject'), 'publicIPPrefixResourceId'), if(not(empty(parameters('publicIPAddressObject').publicIPPrefixResourceId)), createObject('value', parameters('publicIPAddressObject').publicIPPrefixResourceId), createObject('value', '')), createObject('value', ''))]", "publicIPAllocationMethod": "[if(contains(parameters('publicIPAddressObject'), 'publicIPAllocationMethod'), if(not(empty(parameters('publicIPAddressObject').publicIPAllocationMethod)), createObject('value', parameters('publicIPAddressObject').publicIPAllocationMethod), createObject('value', 'Static')), createObject('value', 'Static'))]", "skuName": "[if(contains(parameters('publicIPAddressObject'), 'skuName'), if(not(empty(parameters('publicIPAddressObject').skuName)), createObject('value', parameters('publicIPAddressObject').skuName), createObject('value', 'Standard')), createObject('value', 'Standard'))]", @@ -543,7 +520,7 @@ "value": "[parameters('lock')]" }, "tags": { - "value": "[parameters('tags')]" + "value": "[coalesce(tryGet(parameters('publicIPAddressObject'), 'tags'), parameters('tags'))]" }, "zones": { "value": "[parameters('zones')]" @@ -560,7 +537,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "968771326214380550" + "templateHash": "18404193892947466906" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -899,7 +876,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } @@ -1051,7 +1028,7 @@ } }, "managementIPAddress": { - "condition": "[and(and(empty(parameters('managementIPResourceID')), variables('isCreateDefaultManagementIP')), equals(variables('azureSkuName'), 'AZFW_VNet'))]", + "condition": "[and(variables('isCreateDefaultManagementIP'), equals(variables('azureSkuName'), 'AZFW_VNet'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-Firewall-MIP', uniqueString(deployment().name, parameters('location')))]", @@ -1074,7 +1051,7 @@ "value": "[parameters('location')]" }, "tags": { - "value": "[parameters('tags')]" + "value": "[coalesce(tryGet(parameters('managementIPAddressObject'), 'tags'), parameters('tags'))]" }, "zones": { "value": "[parameters('zones')]" @@ -1091,7 +1068,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "968771326214380550" + "templateHash": "18404193892947466906" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -1430,7 +1407,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/bastion-host/README.md b/modules/network/bastion-host/README.md index 3ae0c7066a..e0c9205ba4 100644 --- a/modules/network/bastion-host/README.md +++ b/modules/network/bastion-host/README.md @@ -373,10 +373,9 @@ module bastionHost 'br:bicep/modules/network.bastion-host:1.0.0' = { | [`enableIpConnect`](#parameter-enableipconnect) | bool | Choose to disable or enable IP Connect. | | [`enableKerberos`](#parameter-enablekerberos) | bool | Choose to disable or enable Kerberos authentication. | | [`enableShareableLink`](#parameter-enableshareablelink) | bool | Choose to disable or enable Shareable Link. | -| [`isCreateDefaultPublicIP`](#parameter-iscreatedefaultpublicip) | bool | Specifies if a Public IP should be created by default if one is not provided. | | [`location`](#parameter-location) | string | Location for all resources. | | [`lock`](#parameter-lock) | object | The lock settings of the service. | -| [`publicIPAddressObject`](#parameter-publicipaddressobject) | object | Specifies the properties of the Public IP to create and be used by Azure Bastion. If it's not provided and publicIPAddressResourceId is empty, a '-pip' suffix will be appended to the Bastion's name. | +| [`publicIPAddressObject`](#parameter-publicipaddressobject) | object | Specifies the properties of the Public IP to create and be used by Azure Bastion, if no existing public IP was provided. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`scaleUnits`](#parameter-scaleunits) | int | The scale units for the Bastion Host resource. | | [`skuName`](#parameter-skuname) | string | The SKU of this Bastion Host. | @@ -526,13 +525,6 @@ Choose to disable or enable Shareable Link. - Type: bool - Default: `False` -### Parameter: `isCreateDefaultPublicIP` - -Specifies if a Public IP should be created by default if one is not provided. -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `location` Location for all resources. @@ -575,7 +567,7 @@ Name of the Azure Bastion resource. ### Parameter: `publicIPAddressObject` -Specifies the properties of the Public IP to create and be used by Azure Bastion. If it's not provided and publicIPAddressResourceId is empty, a '-pip' suffix will be appended to the Bastion's name. +Specifies the properties of the Public IP to create and be used by Azure Bastion, if no existing public IP was provided. - Required: No - Type: object - Default: `{object}` @@ -668,7 +660,6 @@ The SKU of this Bastion Host. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `vNetId` diff --git a/modules/network/bastion-host/main.bicep b/modules/network/bastion-host/main.bicep index 82f6b39350..2761e76455 100644 --- a/modules/network/bastion-host/main.bicep +++ b/modules/network/bastion-host/main.bicep @@ -14,11 +14,10 @@ param vNetId string @description('Optional. The Public IP resource ID to associate to the azureBastionSubnet. If empty, then the Public IP that is created as part of this module will be applied to the azureBastionSubnet.') param bastionSubnetPublicIpResourceId string = '' -@description('Optional. Specifies if a Public IP should be created by default if one is not provided.') -param isCreateDefaultPublicIP bool = true - -@description('Optional. Specifies the properties of the Public IP to create and be used by Azure Bastion. If it\'s not provided and publicIPAddressResourceId is empty, a \'-pip\' suffix will be appended to the Bastion\'s name.') -param publicIPAddressObject object = {} +@description('Optional. Specifies the properties of the Public IP to create and be used by Azure Bastion, if no existing public IP was provided.') +param publicIPAddressObject object = { + name: '${name}-pip' +} @description('Optional. The diagnostic settings of the service.') param diagnosticSettings diagnosticSettingType @@ -55,41 +54,28 @@ param scaleUnits int = 2 param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -var enableTunneling = skuName == 'Standard' ? true : null - -var scaleUnitsVar = skuName == 'Basic' ? 2 : scaleUnits - // ---------------------------------------------------------------------------- // Prep ipConfigurations object AzureBastionSubnet for different uses cases: // 1. Use existing Public IP // 2. Use new Public IP created in this module -// 3. Do not use a Public IP if isCreateDefaultPublicIP is false -var subnetVar = { - subnet: { - id: '${vNetId}/subnets/AzureBastionSubnet' // The subnet name must be AzureBastionSubnet - } -} -var existingPip = { - publicIPAddress: { - id: bastionSubnetPublicIpResourceId - } -} -var newPip = { - publicIPAddress: (empty(bastionSubnetPublicIpResourceId) && isCreateDefaultPublicIP) ? { - id: publicIPAddress.outputs.resourceId - } : null -} - var ipConfigurations = [ { name: 'IpConfAzureBastionSubnet' - //Use existing Public IP, new Public IP created in this module, or none if isCreateDefaultPublicIP is false - properties: union(subnetVar, !empty(bastionSubnetPublicIpResourceId) ? existingPip : {}, (isCreateDefaultPublicIP ? newPip : {})) + properties: union({ + subnet: { + id: '${vNetId}/subnets/AzureBastionSubnet' // The subnet name must be AzureBastionSubnet + } + }, { + //Use existing Public IP, new Public IP created in this module + publicIPAddress: { + id: !empty(bastionSubnetPublicIpResourceId) ? bastionSubnetPublicIpResourceId : publicIPAddress.outputs.resourceId + } + }) } ] @@ -98,48 +84,11 @@ var enableReferencedModulesTelemetry = false // ---------------------------------------------------------------------------- var builtInRoleNames = { - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Avere Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9') - 'Azure Center for SAP solutions administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7') - 'Azure Center for SAP solutions reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b') - 'Azure Center for SAP solutions service role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138') - 'Azure Kubernetes Service Policy Add-on Deployment': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064') - 'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b') - 'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324') Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Cosmos DB Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa') - 'Desktop Virtualization Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c') - 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64') - 'DNS Resolver Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d') - 'DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314') - 'DocumentDB Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450') - 'Domain Services Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2') - 'Domain Services Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb') - 'LocalNGFirewallAdministrator role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168') - 'Site Recovery Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567') - 'Site Recovery Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca') - 'SQL Managed Instance Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d') - 'SQL Security Manager': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3') - 'Storage Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab') - 'Traffic Manager Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7') 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') - 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52') - 'Windows Admin Center Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f') } resource defaultTelemetry 'Microsoft.Resources/deployments@2022-09-01' = if (enableDefaultTelemetry) { @@ -154,10 +103,10 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2022-09-01' = if (ena } } -module publicIPAddress '../public-ip-address/main.bicep' = if (empty(bastionSubnetPublicIpResourceId) && isCreateDefaultPublicIP) { +module publicIPAddress '../public-ip-address/main.bicep' = if (empty(bastionSubnetPublicIpResourceId)) { name: '${uniqueString(deployment().name, location)}-Bastion-PIP' params: { - name: contains(publicIPAddressObject, 'name') ? publicIPAddressObject.name : '${name}-pip' + name: publicIPAddressObject.name enableDefaultTelemetry: enableReferencedModulesTelemetry location: location lock: lock @@ -168,25 +117,23 @@ module publicIPAddress '../public-ip-address/main.bicep' = if (empty(bastionSubn roleAssignments: contains(publicIPAddressObject, 'roleAssignments') ? publicIPAddressObject.roleAssignments : [] skuName: contains(publicIPAddressObject, 'skuName') ? publicIPAddressObject.skuName : 'Standard' skuTier: contains(publicIPAddressObject, 'skuTier') ? publicIPAddressObject.skuTier : 'Regional' - tags: tags + tags: publicIPAddressObject.?tags ?? tags zones: contains(publicIPAddressObject, 'zones') ? publicIPAddressObject.zones : [] } } -var bastionpropertiesVar = skuName == 'Standard' ? { - scaleUnits: scaleUnitsVar - ipConfigurations: ipConfigurations - enableTunneling: enableTunneling - disableCopyPaste: disableCopyPaste - enableFileCopy: enableFileCopy - enableIpConnect: enableIpConnect - enableKerberos: enableKerberos - enableShareableLink: enableShareableLink -} : { - scaleUnits: scaleUnitsVar - ipConfigurations: ipConfigurations - enableKerberos: enableKerberos -} +var bastionpropertiesVar = union({ + scaleUnits: skuName == 'Basic' ? 2 : scaleUnits + ipConfigurations: ipConfigurations + enableKerberos: enableKerberos + }, (skuName == 'Standard' ? { + enableTunneling: skuName == 'Standard' + disableCopyPaste: disableCopyPaste + enableFileCopy: enableFileCopy + enableIpConnect: enableIpConnect + enableShareableLink: enableShareableLink + } : {}) +) resource azureBastion 'Microsoft.Network/bastionHosts@2022-11-01' = { name: name diff --git a/modules/network/bastion-host/main.json b/modules/network/bastion-host/main.json index 1c89cc7c02..a5fd8c192b 100644 --- a/modules/network/bastion-host/main.json +++ b/modules/network/bastion-host/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10859343620661687019" + "templateHash": "387274338478290784" }, "name": "Bastion Hosts", "description": "This module deploys a Bastion Host.", @@ -220,18 +220,13 @@ "description": "Optional. The Public IP resource ID to associate to the azureBastionSubnet. If empty, then the Public IP that is created as part of this module will be applied to the azureBastionSubnet." } }, - "isCreateDefaultPublicIP": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Specifies if a Public IP should be created by default if one is not provided." - } - }, "publicIPAddressObject": { "type": "object", - "defaultValue": {}, + "defaultValue": { + "name": "[format('{0}-pip', parameters('name'))]" + }, "metadata": { - "description": "Optional. Specifies the properties of the Public IP to create and be used by Azure Bastion. If it's not provided and publicIPAddressResourceId is empty, a '-pip' suffix will be appended to the Bastion's name." + "description": "Optional. Specifies the properties of the Public IP to create and be used by Azure Bastion, if no existing public IP was provided." } }, "diagnosticSettings": { @@ -307,7 +302,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } @@ -321,62 +316,13 @@ } }, "variables": { - "enableTunneling": "[if(equals(parameters('skuName'), 'Standard'), true(), null())]", - "scaleUnitsVar": "[if(equals(parameters('skuName'), 'Basic'), 2, parameters('scaleUnits'))]", - "subnetVar": { - "subnet": { - "id": "[format('{0}/subnets/AzureBastionSubnet', parameters('vNetId'))]" - } - }, - "existingPip": { - "publicIPAddress": { - "id": "[parameters('bastionSubnetPublicIpResourceId')]" - } - }, "enableReferencedModulesTelemetry": false, "builtInRoleNames": { - "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", - "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", - "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", - "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", - "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", - "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", - "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", - "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", - "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", - "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", - "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", - "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", - "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", - "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", - "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", - "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", - "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", - "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", - "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", - "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", - "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", - "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", - "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", - "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", - "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", - "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", - "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", - "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", - "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", - "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", - "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", - "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", - "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", - "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", - "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" } }, "resources": { @@ -403,7 +349,7 @@ "sku": { "name": "[parameters('skuName')]" }, - "properties": "[if(equals(parameters('skuName'), 'Standard'), createObject('scaleUnits', variables('scaleUnitsVar'), 'ipConfigurations', createArray(createObject('name', 'IpConfAzureBastionSubnet', 'properties', union(variables('subnetVar'), if(not(empty(parameters('bastionSubnetPublicIpResourceId'))), variables('existingPip'), createObject()), if(parameters('isCreateDefaultPublicIP'), createObject('publicIPAddress', if(and(empty(parameters('bastionSubnetPublicIpResourceId')), parameters('isCreateDefaultPublicIP')), createObject('id', reference('publicIPAddress').outputs.resourceId.value), null())), createObject())))), 'enableTunneling', variables('enableTunneling'), 'disableCopyPaste', parameters('disableCopyPaste'), 'enableFileCopy', parameters('enableFileCopy'), 'enableIpConnect', parameters('enableIpConnect'), 'enableKerberos', parameters('enableKerberos'), 'enableShareableLink', parameters('enableShareableLink')), createObject('scaleUnits', variables('scaleUnitsVar'), 'ipConfigurations', createArray(createObject('name', 'IpConfAzureBastionSubnet', 'properties', union(variables('subnetVar'), if(not(empty(parameters('bastionSubnetPublicIpResourceId'))), variables('existingPip'), createObject()), if(parameters('isCreateDefaultPublicIP'), createObject('publicIPAddress', if(and(empty(parameters('bastionSubnetPublicIpResourceId')), parameters('isCreateDefaultPublicIP')), createObject('id', reference('publicIPAddress').outputs.resourceId.value), null())), createObject())))), 'enableKerberos', parameters('enableKerberos')))]", + "properties": "[union(createObject('scaleUnits', if(equals(parameters('skuName'), 'Basic'), 2, parameters('scaleUnits')), 'ipConfigurations', createArray(createObject('name', 'IpConfAzureBastionSubnet', 'properties', union(createObject('subnet', createObject('id', format('{0}/subnets/AzureBastionSubnet', parameters('vNetId')))), createObject('publicIPAddress', createObject('id', if(not(empty(parameters('bastionSubnetPublicIpResourceId'))), parameters('bastionSubnetPublicIpResourceId'), reference('publicIPAddress').outputs.resourceId.value)))))), 'enableKerberos', parameters('enableKerberos')), if(equals(parameters('skuName'), 'Standard'), createObject('enableTunneling', equals(parameters('skuName'), 'Standard'), 'disableCopyPaste', parameters('disableCopyPaste'), 'enableFileCopy', parameters('enableFileCopy'), 'enableIpConnect', parameters('enableIpConnect'), 'enableShareableLink', parameters('enableShareableLink')), createObject()))]", "dependsOn": [ "publicIPAddress" ] @@ -467,7 +413,7 @@ ] }, "publicIPAddress": { - "condition": "[and(empty(parameters('bastionSubnetPublicIpResourceId')), parameters('isCreateDefaultPublicIP'))]", + "condition": "[empty(parameters('bastionSubnetPublicIpResourceId'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-Bastion-PIP', uniqueString(deployment().name, parameters('location')))]", @@ -477,7 +423,9 @@ }, "mode": "Incremental", "parameters": { - "name": "[if(contains(parameters('publicIPAddressObject'), 'name'), createObject('value', parameters('publicIPAddressObject').name), createObject('value', format('{0}-pip', parameters('name'))))]", + "name": { + "value": "[parameters('publicIPAddressObject').name]" + }, "enableDefaultTelemetry": { "value": "[variables('enableReferencedModulesTelemetry')]" }, @@ -497,7 +445,7 @@ "skuName": "[if(contains(parameters('publicIPAddressObject'), 'skuName'), createObject('value', parameters('publicIPAddressObject').skuName), createObject('value', 'Standard'))]", "skuTier": "[if(contains(parameters('publicIPAddressObject'), 'skuTier'), createObject('value', parameters('publicIPAddressObject').skuTier), createObject('value', 'Regional'))]", "tags": { - "value": "[parameters('tags')]" + "value": "[coalesce(tryGet(parameters('publicIPAddressObject'), 'tags'), parameters('tags'))]" }, "zones": "[if(contains(parameters('publicIPAddressObject'), 'zones'), createObject('value', parameters('publicIPAddressObject').zones), createObject('value', createArray()))]" }, @@ -509,7 +457,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "968771326214380550" + "templateHash": "18404193892947466906" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -848,7 +796,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/connection/README.md b/modules/network/connection/README.md index f43ea0a938..cc392ea1ae 100644 --- a/modules/network/connection/README.md +++ b/modules/network/connection/README.md @@ -297,7 +297,6 @@ The weight added to routes learned from this BGP speaker. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `useLocalAzureIpAddress` diff --git a/modules/network/connection/main.bicep b/modules/network/connection/main.bicep index 0cdd0d0a83..9668f3762c 100644 --- a/modules/network/connection/main.bicep +++ b/modules/network/connection/main.bicep @@ -75,7 +75,7 @@ param routingWeight int = -1 param lock lockType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/connection/main.json b/modules/network/connection/main.json index 1166323e83..06b806ec90 100644 --- a/modules/network/connection/main.json +++ b/modules/network/connection/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10325872136554369855" + "templateHash": "12513996667923008520" }, "name": "Virtual Network Gateway Connections", "description": "This module deploys a Virtual Network Gateway Connection.", @@ -171,7 +171,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/ddos-protection-plan/README.md b/modules/network/ddos-protection-plan/README.md index fcb623a87a..c8ba05f4e5 100644 --- a/modules/network/ddos-protection-plan/README.md +++ b/modules/network/ddos-protection-plan/README.md @@ -302,7 +302,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags of the resource. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/ddos-protection-plan/main.bicep b/modules/network/ddos-protection-plan/main.bicep index 7cb5d14c7b..94e9b8b8d2 100644 --- a/modules/network/ddos-protection-plan/main.bicep +++ b/modules/network/ddos-protection-plan/main.bicep @@ -16,7 +16,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/ddos-protection-plan/main.json b/modules/network/ddos-protection-plan/main.json index eeeab32e03..8aaaa921fd 100644 --- a/modules/network/ddos-protection-plan/main.json +++ b/modules/network/ddos-protection-plan/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4054513314022675341" + "templateHash": "10546222584302877653" }, "name": "DDoS Protection Plans", "description": "This module deploys a DDoS Protection Plan.", @@ -134,7 +134,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/dns-forwarding-ruleset/README.md b/modules/network/dns-forwarding-ruleset/README.md index b846abe7d3..1010b3a887 100644 --- a/modules/network/dns-forwarding-ruleset/README.md +++ b/modules/network/dns-forwarding-ruleset/README.md @@ -374,7 +374,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `vNetLinks` diff --git a/modules/network/dns-forwarding-ruleset/main.bicep b/modules/network/dns-forwarding-ruleset/main.bicep index 83781a4051..08d813c8ac 100644 --- a/modules/network/dns-forwarding-ruleset/main.bicep +++ b/modules/network/dns-forwarding-ruleset/main.bicep @@ -16,7 +16,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Required. The reference to the DNS resolver outbound endpoints that are used to route DNS queries matching the forwarding rules in the ruleset to the target DNS servers.') param dnsResolverOutboundEndpointResourceIds array diff --git a/modules/network/dns-forwarding-ruleset/main.json b/modules/network/dns-forwarding-ruleset/main.json index fc7f737bbb..18a95ff4a7 100644 --- a/modules/network/dns-forwarding-ruleset/main.json +++ b/modules/network/dns-forwarding-ruleset/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6979780770360614224" + "templateHash": "606770546796558268" }, "name": "Dns Forwarding Rulesets", "description": "This template deploys an dns forwarding ruleset.", @@ -134,7 +134,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/dns-resolver/README.md b/modules/network/dns-resolver/README.md index 992d53a5c0..1b22bfc083 100644 --- a/modules/network/dns-resolver/README.md +++ b/modules/network/dns-resolver/README.md @@ -280,7 +280,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `virtualNetworkId` diff --git a/modules/network/dns-resolver/main.bicep b/modules/network/dns-resolver/main.bicep index 59c079f6d7..01824b9031 100644 --- a/modules/network/dns-resolver/main.bicep +++ b/modules/network/dns-resolver/main.bicep @@ -16,7 +16,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Required. ResourceId of the virtual network to attach the Private DNS Resolver to.') param virtualNetworkId string diff --git a/modules/network/dns-resolver/main.json b/modules/network/dns-resolver/main.json index dbedeac136..f865583ec3 100644 --- a/modules/network/dns-resolver/main.json +++ b/modules/network/dns-resolver/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12605363186151510083" + "templateHash": "1368516182536244739" }, "name": "DNS Resolvers", "description": "This module deploys a DNS Resolver.", @@ -134,7 +134,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/dns-zone/README.md b/modules/network/dns-zone/README.md index bf589f09c1..425088daa7 100644 --- a/modules/network/dns-zone/README.md +++ b/modules/network/dns-zone/README.md @@ -701,7 +701,6 @@ Array of SRV records. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `txt` diff --git a/modules/network/dns-zone/main.bicep b/modules/network/dns-zone/main.bicep index 61c03dc82a..4babf6c81c 100644 --- a/modules/network/dns-zone/main.bicep +++ b/modules/network/dns-zone/main.bicep @@ -44,7 +44,7 @@ param location string = 'global' param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. The lock settings of the service.') param lock lockType diff --git a/modules/network/dns-zone/main.json b/modules/network/dns-zone/main.json index 735a3f2f26..588848d689 100644 --- a/modules/network/dns-zone/main.json +++ b/modules/network/dns-zone/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1680239342296037315" + "templateHash": "14383961739979857836" }, "name": "Public DNS Zones", "description": "This module deploys a Public DNS zone.", @@ -199,7 +199,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/express-route-circuit/README.md b/modules/network/express-route-circuit/README.md index a31e5f3969..4bd12d9edc 100644 --- a/modules/network/express-route-circuit/README.md +++ b/modules/network/express-route-circuit/README.md @@ -606,7 +606,6 @@ Chosen SKU Tier of ExpressRoute circuit. Choose from Local, Premium or Standard Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `vlanId` diff --git a/modules/network/express-route-circuit/main.bicep b/modules/network/express-route-circuit/main.bicep index e9dbfd0122..15ee9e0804 100644 --- a/modules/network/express-route-circuit/main.bicep +++ b/modules/network/express-route-circuit/main.bicep @@ -79,7 +79,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/express-route-circuit/main.json b/modules/network/express-route-circuit/main.json index f350e468f8..bdcfd8633a 100644 --- a/modules/network/express-route-circuit/main.json +++ b/modules/network/express-route-circuit/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6885952073630597442" + "templateHash": "3204607868859274788" }, "name": "ExpressRoute Circuits", "description": "This module deploys an Express Route Circuit.", @@ -367,7 +367,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/express-route-gateway/README.md b/modules/network/express-route-gateway/README.md index 91a977399f..60d5d55775 100644 --- a/modules/network/express-route-gateway/README.md +++ b/modules/network/express-route-gateway/README.md @@ -349,7 +349,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags of the Firewall policy resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `virtualHubId` diff --git a/modules/network/express-route-gateway/main.bicep b/modules/network/express-route-gateway/main.bicep index dbb6fef291..91534744a2 100644 --- a/modules/network/express-route-gateway/main.bicep +++ b/modules/network/express-route-gateway/main.bicep @@ -9,7 +9,7 @@ param name string param location string = resourceGroup().location @description('Optional. Tags of the Firewall policy resource.') -param tags object = {} +param tags object? @description('Optional. Configures this gateway to accept traffic from non Virtual WAN networks.') param allowNonVirtualWanTraffic bool = false diff --git a/modules/network/express-route-gateway/main.json b/modules/network/express-route-gateway/main.json index 17e2edaeb5..d2746f5621 100644 --- a/modules/network/express-route-gateway/main.json +++ b/modules/network/express-route-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "8352062821101863575" + "templateHash": "14898040937418721724" }, "name": "Express Route Gateways", "description": "This module deploys an Express Route Gateway.", @@ -121,7 +121,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the Firewall policy resource." } diff --git a/modules/network/firewall-policy/README.md b/modules/network/firewall-policy/README.md index 4e48c3b55c..fdc06817f0 100644 --- a/modules/network/firewall-policy/README.md +++ b/modules/network/firewall-policy/README.md @@ -424,7 +424,6 @@ List of specific signatures states. Tags of the Firewall policy resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `threatIntelMode` diff --git a/modules/network/firewall-policy/main.bicep b/modules/network/firewall-policy/main.bicep index 6c4a638446..d6bd78a7ec 100644 --- a/modules/network/firewall-policy/main.bicep +++ b/modules/network/firewall-policy/main.bicep @@ -9,7 +9,7 @@ param name string param location string = resourceGroup().location @description('Optional. Tags of the Firewall policy resource.') -param tags object = {} +param tags object? @description('Optional. The managed identity definition for this resource.') param managedIdentities managedIdentitiesType diff --git a/modules/network/firewall-policy/main.json b/modules/network/firewall-policy/main.json index aa93b198e2..57d929a7eb 100644 --- a/modules/network/firewall-policy/main.json +++ b/modules/network/firewall-policy/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "411576668957997252" + "templateHash": "14139283479148965374" }, "name": "Firewall Policies", "description": "This module deploys a Firewall Policy.", @@ -45,7 +45,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the Firewall policy resource." } diff --git a/modules/network/front-door-web-application-firewall-policy/README.md b/modules/network/front-door-web-application-firewall-policy/README.md index e92ec90d70..81f51e5a93 100644 --- a/modules/network/front-door-web-application-firewall-policy/README.md +++ b/modules/network/front-door-web-application-firewall-policy/README.md @@ -469,7 +469,6 @@ The pricing tier of the WAF profile. Resource tags. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/front-door-web-application-firewall-policy/main.bicep b/modules/network/front-door-web-application-firewall-policy/main.bicep index fde3401f7c..9ba8e942e5 100644 --- a/modules/network/front-door-web-application-firewall-policy/main.bicep +++ b/modules/network/front-door-web-application-firewall-policy/main.bicep @@ -18,7 +18,7 @@ param location string = 'global' param sku string = 'Standard_AzureFrontDoor' @description('Optional. Resource tags.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/front-door-web-application-firewall-policy/main.json b/modules/network/front-door-web-application-firewall-policy/main.json index 037bc87efb..ab41c5bfa9 100644 --- a/modules/network/front-door-web-application-firewall-policy/main.json +++ b/modules/network/front-door-web-application-firewall-policy/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "16196358261363679288" + "templateHash": "17032186144877035425" }, "name": "Front Door Web Application Firewall (WAF) Policies", "description": "This module deploys a Front Door Web Application Firewall (WAF) Policy.", @@ -134,7 +134,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } diff --git a/modules/network/front-door/README.md b/modules/network/front-door/README.md index 8bbd416cfb..4513ff0e12 100644 --- a/modules/network/front-door/README.md +++ b/modules/network/front-door/README.md @@ -846,7 +846,6 @@ Certificate name check time of the frontdoor resource. Resource tags. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/front-door/main.bicep b/modules/network/front-door/main.bicep index 5421adb3bb..f733e394ef 100644 --- a/modules/network/front-door/main.bicep +++ b/modules/network/front-door/main.bicep @@ -17,7 +17,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Resource tags.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/front-door/main.json b/modules/network/front-door/main.json index 5c73c7964c..633202d39a 100644 --- a/modules/network/front-door/main.json +++ b/modules/network/front-door/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10762765497515321420" + "templateHash": "2830838705545746095" }, "name": "Azure Front Doors", "description": "This module deploys an Azure Front Door.", @@ -241,7 +241,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } diff --git a/modules/network/ip-group/README.md b/modules/network/ip-group/README.md index c81eb57f92..343b00bb29 100644 --- a/modules/network/ip-group/README.md +++ b/modules/network/ip-group/README.md @@ -320,7 +320,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Resource tags. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/ip-group/main.bicep b/modules/network/ip-group/main.bicep index 7443bef583..ae0ca58c7d 100644 --- a/modules/network/ip-group/main.bicep +++ b/modules/network/ip-group/main.bicep @@ -19,7 +19,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Resource tags.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/ip-group/main.json b/modules/network/ip-group/main.json index 347b80b7b6..e9dc0c6cbc 100644 --- a/modules/network/ip-group/main.json +++ b/modules/network/ip-group/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "17427239082953045444" + "templateHash": "9765196609767428090" }, "name": "IP Groups", "description": "This module deploys an IP Group.", @@ -141,7 +141,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } diff --git a/modules/network/load-balancer/README.md b/modules/network/load-balancer/README.md index 22214ac791..f372102f21 100644 --- a/modules/network/load-balancer/README.md +++ b/modules/network/load-balancer/README.md @@ -892,7 +892,6 @@ Name of a load balancer SKU. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/load-balancer/main.bicep b/modules/network/load-balancer/main.bicep index adf7d97ea2..13908c3b92 100644 --- a/modules/network/load-balancer/main.bicep +++ b/modules/network/load-balancer/main.bicep @@ -38,7 +38,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/load-balancer/main.json b/modules/network/load-balancer/main.json index 2c4512b1ec..d58ef9dcc6 100644 --- a/modules/network/load-balancer/main.json +++ b/modules/network/load-balancer/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2560193995826273246" + "templateHash": "15804132676777658588" }, "name": "Load Balancers", "description": "This module deploys a Load Balancer.", @@ -258,7 +258,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/local-network-gateway/README.md b/modules/network/local-network-gateway/README.md index 6c65ef5a66..6dd6bd4da7 100644 --- a/modules/network/local-network-gateway/README.md +++ b/modules/network/local-network-gateway/README.md @@ -380,7 +380,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags of the resource. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/local-network-gateway/main.bicep b/modules/network/local-network-gateway/main.bicep index d097fff9d7..9b0a6ff32a 100644 --- a/modules/network/local-network-gateway/main.bicep +++ b/modules/network/local-network-gateway/main.bicep @@ -31,7 +31,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/local-network-gateway/main.json b/modules/network/local-network-gateway/main.json index b3b121662c..f11208ec19 100644 --- a/modules/network/local-network-gateway/main.json +++ b/modules/network/local-network-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "17118988135887784728" + "templateHash": "9834860024329832524" }, "name": "Local Network Gateways", "description": "This module deploys a Local Network Gateway.", @@ -167,7 +167,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/nat-gateway/README.md b/modules/network/nat-gateway/README.md index 26057347be..9db81cfc91 100644 --- a/modules/network/nat-gateway/README.md +++ b/modules/network/nat-gateway/README.md @@ -432,7 +432,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags for the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `zones` diff --git a/modules/network/nat-gateway/main.bicep b/modules/network/nat-gateway/main.bicep index 82b04b94a0..601fd71819 100644 --- a/modules/network/nat-gateway/main.bicep +++ b/modules/network/nat-gateway/main.bicep @@ -39,7 +39,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags for the resource.') -param tags object = {} +param tags object? @description('Optional. The diagnostic settings of the Public IP.') param publicIpDiagnosticSettings diagnosticSettingType diff --git a/modules/network/nat-gateway/main.json b/modules/network/nat-gateway/main.json index f44ad2173c..fbb649e498 100644 --- a/modules/network/nat-gateway/main.json +++ b/modules/network/nat-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "18393412325289801618" + "templateHash": "6841733296045395553" }, "name": "NAT Gateways", "description": "This module deploys a NAT Gateway.", @@ -295,7 +295,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags for the resource." } @@ -466,7 +466,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "968771326214380550" + "templateHash": "18404193892947466906" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -805,7 +805,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/network-interface/README.md b/modules/network/network-interface/README.md index 678d9fd744..469e4b7aee 100644 --- a/modules/network/network-interface/README.md +++ b/modules/network/network-interface/README.md @@ -552,7 +552,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags of the resource. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/network-interface/main.bicep b/modules/network/network-interface/main.bicep index 257ea044cc..0b25219983 100644 --- a/modules/network/network-interface/main.bicep +++ b/modules/network/network-interface/main.bicep @@ -9,7 +9,7 @@ param name string param location string = resourceGroup().location @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/network-interface/main.json b/modules/network/network-interface/main.json index 71af44d442..9ece338c5f 100644 --- a/modules/network/network-interface/main.json +++ b/modules/network/network-interface/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "8812824728238881787" + "templateHash": "6506615823435977032" }, "name": "Network Interface", "description": "This module deploys a Network Interface.", @@ -201,7 +201,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/network-manager/README.md b/modules/network/network-manager/README.md index 138f67d217..7f7d82f383 100644 --- a/modules/network/network-manager/README.md +++ b/modules/network/network-manager/README.md @@ -684,7 +684,6 @@ Security Admin Configurations, Rule Collections and Rules to create for the netw Tags of the resource. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/network-manager/main.bicep b/modules/network/network-manager/main.bicep index 45f5df3133..55507d68ee 100644 --- a/modules/network/network-manager/main.bicep +++ b/modules/network/network-manager/main.bicep @@ -17,7 +17,7 @@ param lock lockType param roleAssignments roleAssignmentType @sys.description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @maxLength(500) @sys.description('Optional. A description of the network manager.') diff --git a/modules/network/network-manager/main.json b/modules/network/network-manager/main.json index 1f38af5d1e..28bf192614 100644 --- a/modules/network/network-manager/main.json +++ b/modules/network/network-manager/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "13647410280137569380" + "templateHash": "11982582623966534114" }, "name": "Network Managers", "description": "This module deploys a Network Manager.", @@ -135,7 +135,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/network-security-group/README.md b/modules/network/network-security-group/README.md index 3c7254faa2..3aa65e8ff8 100644 --- a/modules/network/network-security-group/README.md +++ b/modules/network/network-security-group/README.md @@ -566,7 +566,6 @@ Array of Security Rules to deploy to the Network Security Group. When not provid Tags of the NSG resource. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/network-security-group/main.bicep b/modules/network/network-security-group/main.bicep index c0a0f46dd4..df34e44b6c 100644 --- a/modules/network/network-security-group/main.bicep +++ b/modules/network/network-security-group/main.bicep @@ -24,7 +24,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the NSG resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/network-security-group/main.json b/modules/network/network-security-group/main.json index ec731a585b..04902fe9a1 100644 --- a/modules/network/network-security-group/main.json +++ b/modules/network/network-security-group/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6212040398427711437" + "templateHash": "16143869939725478184" }, "name": "Network Security Groups", "description": "This module deploys a Network security Group (NSG).", @@ -241,7 +241,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the NSG resource." } diff --git a/modules/network/network-watcher/README.md b/modules/network/network-watcher/README.md index fdd4d5f38e..90da9a7ec3 100644 --- a/modules/network/network-watcher/README.md +++ b/modules/network/network-watcher/README.md @@ -444,7 +444,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags of the resource. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/network-watcher/connection-monitor/README.md b/modules/network/network-watcher/connection-monitor/README.md index efd44e1102..313167cd95 100644 --- a/modules/network/network-watcher/connection-monitor/README.md +++ b/modules/network/network-watcher/connection-monitor/README.md @@ -75,7 +75,6 @@ Name of the network watcher resource. Must be in the resource group where the Fl Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `testConfigurations` diff --git a/modules/network/network-watcher/connection-monitor/main.bicep b/modules/network/network-watcher/connection-monitor/main.bicep index c150269b10..536db29611 100644 --- a/modules/network/network-watcher/connection-monitor/main.bicep +++ b/modules/network/network-watcher/connection-monitor/main.bicep @@ -9,7 +9,7 @@ param networkWatcherName string = 'NetworkWatcher_${resourceGroup().location}' param name string @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Location for all resources.') param location string = resourceGroup().location diff --git a/modules/network/network-watcher/connection-monitor/main.json b/modules/network/network-watcher/connection-monitor/main.json index c7df0ada6e..81a437ce7e 100644 --- a/modules/network/network-watcher/connection-monitor/main.json +++ b/modules/network/network-watcher/connection-monitor/main.json @@ -1,11 +1,12 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11763235795280157018" + "templateHash": "3258279638384899203" }, "name": "Network Watchers Connection Monitors", "description": "This module deploys a Network Watcher Connection Monitor.", @@ -27,7 +28,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } @@ -78,8 +79,8 @@ "variables": { "outputs": "[if(not(empty(parameters('workspaceResourceId'))), createArray(createObject('type', 'Workspace', 'workspaceSettings', createObject('workspaceResourceId', parameters('workspaceResourceId')))), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -93,7 +94,13 @@ } } }, - { + "networkWatcher": { + "existing": true, + "type": "Microsoft.Network/networkWatchers", + "apiVersion": "2023-04-01", + "name": "[parameters('networkWatcherName')]" + }, + "connectionMonitor": { "type": "Microsoft.Network/networkWatchers/connectionMonitors", "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', parameters('networkWatcherName'), parameters('name'))]", @@ -104,9 +111,12 @@ "testConfigurations": "[parameters('testConfigurations')]", "testGroups": "[parameters('testGroups')]", "outputs": "[variables('outputs')]" - } + }, + "dependsOn": [ + "networkWatcher" + ] } - ], + }, "outputs": { "name": { "type": "string", @@ -134,7 +144,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/networkWatchers/connectionMonitors', parameters('networkWatcherName'), parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('connectionMonitor', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/network-watcher/flow-log/README.md b/modules/network/network-watcher/flow-log/README.md index 1afef915fc..f9b2dddaf0 100644 --- a/modules/network/network-watcher/flow-log/README.md +++ b/modules/network/network-watcher/flow-log/README.md @@ -101,7 +101,6 @@ Resource ID of the diagnostic storage account. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `targetResourceId` diff --git a/modules/network/network-watcher/flow-log/main.bicep b/modules/network/network-watcher/flow-log/main.bicep index 11ab0bfa85..b1bbb833a5 100644 --- a/modules/network/network-watcher/flow-log/main.bicep +++ b/modules/network/network-watcher/flow-log/main.bicep @@ -10,7 +10,7 @@ param networkWatcherName string = 'NetworkWatcher_${resourceGroup().location}' param name string = '${last(split(targetResourceId, '/'))}-${split(targetResourceId, '/')[4]}-flowlog' @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Location for all resources.') param location string = resourceGroup().location diff --git a/modules/network/network-watcher/flow-log/main.json b/modules/network/network-watcher/flow-log/main.json index 0d737f5dce..c7d365f80c 100644 --- a/modules/network/network-watcher/flow-log/main.json +++ b/modules/network/network-watcher/flow-log/main.json @@ -1,11 +1,12 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "17949647288095694070" + "templateHash": "7397123180177309349" }, "name": "NSG Flow Logs", "description": "This module controls the Network Security Group Flow Logs and analytics settings.\r\n**Note: this module must be run on the Resource Group where Network Watcher is deployed**", @@ -28,7 +29,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } @@ -108,8 +109,8 @@ "variables": { "flowAnalyticsConfiguration": "[if(and(not(empty(parameters('workspaceResourceId'))), equals(parameters('enabled'), true())), createObject('networkWatcherFlowAnalyticsConfiguration', createObject('enabled', true(), 'workspaceResourceId', parameters('workspaceResourceId'), 'trafficAnalyticsInterval', parameters('trafficAnalyticsInterval'))), createObject('networkWatcherFlowAnalyticsConfiguration', createObject('enabled', false())))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -123,7 +124,13 @@ } } }, - { + "networkWatcher": { + "existing": true, + "type": "Microsoft.Network/networkWatchers", + "apiVersion": "2023-04-01", + "name": "[parameters('networkWatcherName')]" + }, + "flowLog": { "type": "Microsoft.Network/networkWatchers/flowLogs", "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', parameters('networkWatcherName'), parameters('name'))]", @@ -142,9 +149,12 @@ "version": "[parameters('formatVersion')]" }, "flowAnalyticsConfiguration": "[variables('flowAnalyticsConfiguration')]" - } + }, + "dependsOn": [ + "networkWatcher" + ] } - ], + }, "outputs": { "name": { "type": "string", @@ -172,7 +182,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/networkWatchers/flowLogs', parameters('networkWatcherName'), parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('flowLog', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/network-watcher/main.bicep b/modules/network/network-watcher/main.bicep index a20af3f5e0..4ca2b00db7 100644 --- a/modules/network/network-watcher/main.bicep +++ b/modules/network/network-watcher/main.bicep @@ -22,7 +22,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/network-watcher/main.json b/modules/network/network-watcher/main.json index 6fb1e7c468..85e335cbac 100644 --- a/modules/network/network-watcher/main.json +++ b/modules/network/network-watcher/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "13987242665374495916" + "templateHash": "768801903323165380" }, "name": "Network Watchers", "description": "This module deploys a Network Watcher.", @@ -149,7 +149,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } @@ -262,12 +262,13 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11763235795280157018" + "templateHash": "3258279638384899203" }, "name": "Network Watchers Connection Monitors", "description": "This module deploys a Network Watcher Connection Monitor.", @@ -289,7 +290,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } @@ -340,8 +341,8 @@ "variables": { "outputs": "[if(not(empty(parameters('workspaceResourceId'))), createArray(createObject('type', 'Workspace', 'workspaceSettings', createObject('workspaceResourceId', parameters('workspaceResourceId')))), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -355,7 +356,13 @@ } } }, - { + "networkWatcher": { + "existing": true, + "type": "Microsoft.Network/networkWatchers", + "apiVersion": "2023-04-01", + "name": "[parameters('networkWatcherName')]" + }, + "connectionMonitor": { "type": "Microsoft.Network/networkWatchers/connectionMonitors", "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', parameters('networkWatcherName'), parameters('name'))]", @@ -366,9 +373,12 @@ "testConfigurations": "[parameters('testConfigurations')]", "testGroups": "[parameters('testGroups')]", "outputs": "[variables('outputs')]" - } + }, + "dependsOn": [ + "networkWatcher" + ] } - ], + }, "outputs": { "name": { "type": "string", @@ -396,7 +406,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/networkWatchers/connectionMonitors', parameters('networkWatcherName'), parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('connectionMonitor', '2023-04-01', 'full').location]" } } } @@ -441,12 +451,13 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "17949647288095694070" + "templateHash": "7397123180177309349" }, "name": "NSG Flow Logs", "description": "This module controls the Network Security Group Flow Logs and analytics settings.\r\n**Note: this module must be run on the Resource Group where Network Watcher is deployed**", @@ -469,7 +480,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } @@ -549,8 +560,8 @@ "variables": { "flowAnalyticsConfiguration": "[if(and(not(empty(parameters('workspaceResourceId'))), equals(parameters('enabled'), true())), createObject('networkWatcherFlowAnalyticsConfiguration', createObject('enabled', true(), 'workspaceResourceId', parameters('workspaceResourceId'), 'trafficAnalyticsInterval', parameters('trafficAnalyticsInterval'))), createObject('networkWatcherFlowAnalyticsConfiguration', createObject('enabled', false())))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -564,7 +575,13 @@ } } }, - { + "networkWatcher": { + "existing": true, + "type": "Microsoft.Network/networkWatchers", + "apiVersion": "2023-04-01", + "name": "[parameters('networkWatcherName')]" + }, + "flowLog": { "type": "Microsoft.Network/networkWatchers/flowLogs", "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', parameters('networkWatcherName'), parameters('name'))]", @@ -583,9 +600,12 @@ "version": "[parameters('formatVersion')]" }, "flowAnalyticsConfiguration": "[variables('flowAnalyticsConfiguration')]" - } + }, + "dependsOn": [ + "networkWatcher" + ] } - ], + }, "outputs": { "name": { "type": "string", @@ -613,7 +633,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/networkWatchers/flowLogs', parameters('networkWatcherName'), parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('flowLog', '2023-04-01', 'full').location]" } } } diff --git a/modules/network/private-dns-zone/README.md b/modules/network/private-dns-zone/README.md index 0191518ff6..f225228a70 100644 --- a/modules/network/private-dns-zone/README.md +++ b/modules/network/private-dns-zone/README.md @@ -691,7 +691,6 @@ Array of SRV records. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `txt` diff --git a/modules/network/private-dns-zone/main.bicep b/modules/network/private-dns-zone/main.bicep index 4054c86be0..818c516dd5 100644 --- a/modules/network/private-dns-zone/main.bicep +++ b/modules/network/private-dns-zone/main.bicep @@ -39,7 +39,7 @@ param location string = 'global' param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. The lock settings of the service.') param lock lockType @@ -193,7 +193,7 @@ module privateDnsZone_virtualNetworkLinks 'virtual-network-link/main.bicep' = [f virtualNetworkResourceId: virtualNetworkLink.virtualNetworkResourceId location: contains(virtualNetworkLink, 'location') ? virtualNetworkLink.location : 'global' registrationEnabled: contains(virtualNetworkLink, 'registrationEnabled') ? virtualNetworkLink.registrationEnabled : false - tags: contains(virtualNetworkLink, 'tags') ? virtualNetworkLink.tags : {} + tags: virtualNetworkLink.?tags ?? tags enableDefaultTelemetry: enableReferencedModulesTelemetry } }] diff --git a/modules/network/private-dns-zone/main.json b/modules/network/private-dns-zone/main.json index 0dbb326495..88f780099a 100644 --- a/modules/network/private-dns-zone/main.json +++ b/modules/network/private-dns-zone/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "18339813658426001901" + "templateHash": "3388913792473865283" }, "name": "Private DNS Zones", "description": "This module deploys a Private DNS zone.", @@ -190,7 +190,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } @@ -2378,19 +2378,22 @@ }, "location": "[if(contains(parameters('virtualNetworkLinks')[copyIndex()], 'location'), createObject('value', parameters('virtualNetworkLinks')[copyIndex()].location), createObject('value', 'global'))]", "registrationEnabled": "[if(contains(parameters('virtualNetworkLinks')[copyIndex()], 'registrationEnabled'), createObject('value', parameters('virtualNetworkLinks')[copyIndex()].registrationEnabled), createObject('value', false()))]", - "tags": "[if(contains(parameters('virtualNetworkLinks')[copyIndex()], 'tags'), createObject('value', parameters('virtualNetworkLinks')[copyIndex()].tags), createObject('value', createObject()))]", + "tags": { + "value": "[coalesce(tryGet(parameters('virtualNetworkLinks')[copyIndex()], 'tags'), parameters('tags'))]" + }, "enableDefaultTelemetry": { "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12342244725180262876" + "templateHash": "14262386012436592269" }, "name": "Private DNS Zone Virtual Network Link", "description": "This module deploys a Private DNS Zone Virtual Network Link.", @@ -2419,7 +2422,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } @@ -2445,8 +2448,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -2460,7 +2463,13 @@ } } }, - { + "privateDnsZone": { + "existing": true, + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]" + }, + "virtualNetworkLink": { "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", "apiVersion": "2020-06-01", "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), parameters('name'))]", @@ -2471,9 +2480,12 @@ "virtualNetwork": { "id": "[parameters('virtualNetworkResourceId')]" } - } + }, + "dependsOn": [ + "privateDnsZone" + ] } - ], + }, "outputs": { "name": { "type": "string", @@ -2501,7 +2513,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/privateDnsZones/virtualNetworkLinks', parameters('privateDnsZoneName'), parameters('name')), '2020-06-01', 'full').location]" + "value": "[reference('virtualNetworkLink', '2020-06-01', 'full').location]" } } } diff --git a/modules/network/private-dns-zone/virtual-network-link/README.md b/modules/network/private-dns-zone/virtual-network-link/README.md index b745342815..b83d22b41d 100644 --- a/modules/network/private-dns-zone/virtual-network-link/README.md +++ b/modules/network/private-dns-zone/virtual-network-link/README.md @@ -78,7 +78,6 @@ Is auto-registration of virtual machine records in the virtual network in the Pr Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `virtualNetworkResourceId` diff --git a/modules/network/private-dns-zone/virtual-network-link/main.bicep b/modules/network/private-dns-zone/virtual-network-link/main.bicep index afd20ce63d..0885bf3952 100644 --- a/modules/network/private-dns-zone/virtual-network-link/main.bicep +++ b/modules/network/private-dns-zone/virtual-network-link/main.bicep @@ -12,7 +12,7 @@ param name string = '${last(split(virtualNetworkResourceId, '/'))}-vnetlink' param location string = 'global' @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled?.') param registrationEnabled bool = false diff --git a/modules/network/private-dns-zone/virtual-network-link/main.json b/modules/network/private-dns-zone/virtual-network-link/main.json index 51d922b079..10f3e34f7e 100644 --- a/modules/network/private-dns-zone/virtual-network-link/main.json +++ b/modules/network/private-dns-zone/virtual-network-link/main.json @@ -1,11 +1,12 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12342244725180262876" + "templateHash": "14262386012436592269" }, "name": "Private DNS Zone Virtual Network Link", "description": "This module deploys a Private DNS Zone Virtual Network Link.", @@ -34,7 +35,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } @@ -60,8 +61,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -75,7 +76,13 @@ } } }, - { + "privateDnsZone": { + "existing": true, + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]" + }, + "virtualNetworkLink": { "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", "apiVersion": "2020-06-01", "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), parameters('name'))]", @@ -86,9 +93,12 @@ "virtualNetwork": { "id": "[parameters('virtualNetworkResourceId')]" } - } + }, + "dependsOn": [ + "privateDnsZone" + ] } - ], + }, "outputs": { "name": { "type": "string", @@ -116,7 +126,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/privateDnsZones/virtualNetworkLinks', parameters('privateDnsZoneName'), parameters('name')), '2020-06-01', 'full').location]" + "value": "[reference('virtualNetworkLink', '2020-06-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/private-link-service/README.md b/modules/network/private-link-service/README.md index 6ff4cb081d..a9dbe52c17 100644 --- a/modules/network/private-link-service/README.md +++ b/modules/network/private-link-service/README.md @@ -462,7 +462,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object -- Default: `{object}` ### Parameter: `visibility` diff --git a/modules/network/private-link-service/main.bicep b/modules/network/private-link-service/main.bicep index b964c1d180..4691ab09c6 100644 --- a/modules/network/private-link-service/main.bicep +++ b/modules/network/private-link-service/main.bicep @@ -12,7 +12,7 @@ param location string = resourceGroup().location param lock lockType @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') -param tags object = {} +param tags object? @description('Optional. The extended location of the load balancer.') param extendedLocation object = {} diff --git a/modules/network/private-link-service/main.json b/modules/network/private-link-service/main.json index 3ecea13bbf..1a1d8491cc 100644 --- a/modules/network/private-link-service/main.json +++ b/modules/network/private-link-service/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14019322744522497377" + "templateHash": "3379360327986898312" }, "name": "Private Link Services", "description": "This module deploys a Private Link Service.", @@ -127,7 +127,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } diff --git a/modules/network/public-ip-address/README.md b/modules/network/public-ip-address/README.md index 3c7c63293d..4f3ad77e59 100644 --- a/modules/network/public-ip-address/README.md +++ b/modules/network/public-ip-address/README.md @@ -549,7 +549,6 @@ Tier of a public IP address SKU. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `zones` diff --git a/modules/network/public-ip-address/main.bicep b/modules/network/public-ip-address/main.bicep index 16eacf4f4d..f907565f45 100644 --- a/modules/network/public-ip-address/main.bicep +++ b/modules/network/public-ip-address/main.bicep @@ -74,7 +74,7 @@ param roleAssignments roleAssignmentType param enableDefaultTelemetry bool = true @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? var builtInRoleNames = { Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') diff --git a/modules/network/public-ip-address/main.json b/modules/network/public-ip-address/main.json index f1bc72b6c8..70133688a7 100644 --- a/modules/network/public-ip-address/main.json +++ b/modules/network/public-ip-address/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "968771326214380550" + "templateHash": "18404193892947466906" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -345,7 +345,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/public-ip-prefix/README.md b/modules/network/public-ip-prefix/README.md index c38f10e3a0..b4f5ab4c19 100644 --- a/modules/network/public-ip-prefix/README.md +++ b/modules/network/public-ip-prefix/README.md @@ -325,7 +325,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags of the resource. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/public-ip-prefix/main.bicep b/modules/network/public-ip-prefix/main.bicep index 23c2c7b056..067b299025 100644 --- a/modules/network/public-ip-prefix/main.bicep +++ b/modules/network/public-ip-prefix/main.bicep @@ -21,7 +21,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. The customIpPrefix that this prefix is associated with. A custom IP address prefix is a contiguous range of IP addresses owned by an external customer and provisioned into a subscription. When a custom IP prefix is in Provisioned, Commissioning, or Commissioned state, a linked public IP prefix can be created. Either as a subset of the custom IP prefix range or the entire range.') param customIPPrefix object = {} diff --git a/modules/network/public-ip-prefix/main.json b/modules/network/public-ip-prefix/main.json index 25e8f2aff0..8245998e85 100644 --- a/modules/network/public-ip-prefix/main.json +++ b/modules/network/public-ip-prefix/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "17531002451033298883" + "templateHash": "12289116883631984029" }, "name": "Public IP Prefixes", "description": "This module deploys a Public IP Prefix.", @@ -142,7 +142,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/route-table/README.md b/modules/network/route-table/README.md index 9af978eec2..c72d3efdd9 100644 --- a/modules/network/route-table/README.md +++ b/modules/network/route-table/README.md @@ -340,7 +340,6 @@ An Array of Routes to be established within the hub route table. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/route-table/main.bicep b/modules/network/route-table/main.bicep index ff4eb5bb3a..8a416fcc21 100644 --- a/modules/network/route-table/main.bicep +++ b/modules/network/route-table/main.bicep @@ -21,7 +21,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/route-table/main.json b/modules/network/route-table/main.json index 2bb3a3f95a..8563735479 100644 --- a/modules/network/route-table/main.json +++ b/modules/network/route-table/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15729767550329872027" + "templateHash": "16231060934698023931" }, "name": "Route Tables", "description": "This module deploys a User Defined Route Table (UDR).", @@ -147,7 +147,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/service-endpoint-policy/README.md b/modules/network/service-endpoint-policy/README.md index 9865933bc5..84bbf928c5 100644 --- a/modules/network/service-endpoint-policy/README.md +++ b/modules/network/service-endpoint-policy/README.md @@ -354,7 +354,6 @@ An Array of service endpoint policy definitions. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ## Outputs diff --git a/modules/network/service-endpoint-policy/main.bicep b/modules/network/service-endpoint-policy/main.bicep index fe50a768e4..09d59d58a5 100644 --- a/modules/network/service-endpoint-policy/main.bicep +++ b/modules/network/service-endpoint-policy/main.bicep @@ -24,7 +24,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/service-endpoint-policy/main.json b/modules/network/service-endpoint-policy/main.json index c1fbae80ab..0d1e589b59 100644 --- a/modules/network/service-endpoint-policy/main.json +++ b/modules/network/service-endpoint-policy/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "379140032937405547" + "templateHash": "10435227051484673475" }, "name": "Service Endpoint Policies", "description": "This module deploys a Service Endpoint Policy.", @@ -154,7 +154,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/trafficmanagerprofile/README.md b/modules/network/trafficmanagerprofile/README.md index 2149dec13e..90a4577d8b 100644 --- a/modules/network/trafficmanagerprofile/README.md +++ b/modules/network/trafficmanagerprofile/README.md @@ -493,7 +493,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Resource tags. - Required: No - Type: object -- Default: `{object}` ### Parameter: `trafficRoutingMethod` diff --git a/modules/network/trafficmanagerprofile/main.bicep b/modules/network/trafficmanagerprofile/main.bicep index e793655737..fb034877ba 100644 --- a/modules/network/trafficmanagerprofile/main.bicep +++ b/modules/network/trafficmanagerprofile/main.bicep @@ -60,7 +60,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Resource tags.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/trafficmanagerprofile/main.json b/modules/network/trafficmanagerprofile/main.json index 3f5118b0a4..5fb51da587 100644 --- a/modules/network/trafficmanagerprofile/main.json +++ b/modules/network/trafficmanagerprofile/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2562804839446709562" + "templateHash": "10183539121866982078" }, "name": "Traffic Manager Profiles", "description": "This module deploys a Traffic Manager Profile.", @@ -314,7 +314,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Resource tags." } diff --git a/modules/network/virtual-hub/README.md b/modules/network/virtual-hub/README.md index 8196fcc635..8524210391 100644 --- a/modules/network/virtual-hub/README.md +++ b/modules/network/virtual-hub/README.md @@ -385,7 +385,6 @@ The sku of this VirtualHub. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `virtualHubRouteTableV2s` diff --git a/modules/network/virtual-hub/main.bicep b/modules/network/virtual-hub/main.bicep index 8c18bacd2e..eabe51ce79 100644 --- a/modules/network/virtual-hub/main.bicep +++ b/modules/network/virtual-hub/main.bicep @@ -10,7 +10,7 @@ param name string param location string = resourceGroup().location @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Required. Address-prefix for this VirtualHub.') param addressPrefix string diff --git a/modules/network/virtual-hub/main.json b/modules/network/virtual-hub/main.json index b5d004bbf0..718814eff9 100644 --- a/modules/network/virtual-hub/main.json +++ b/modules/network/virtual-hub/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "18370273919471051889" + "templateHash": "11534311815660563241" }, "name": "Virtual Hubs", "description": "This module deploys a Virtual Hub.\r\nIf you are planning to deploy a Secure Virtual Hub (with an Azure Firewall integrated), please refer to the Azure Firewall module.", @@ -55,7 +55,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/virtual-network-gateway/README.md b/modules/network/virtual-network-gateway/README.md index ead289847f..763d5b9fb3 100644 --- a/modules/network/virtual-network-gateway/README.md +++ b/modules/network/virtual-network-gateway/README.md @@ -1140,7 +1140,6 @@ The SKU of the Gateway. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `vNetResourceId` diff --git a/modules/network/virtual-network-gateway/main.bicep b/modules/network/virtual-network-gateway/main.bicep index 4e6e0563c0..6977268079 100644 --- a/modules/network/virtual-network-gateway/main.bicep +++ b/modules/network/virtual-network-gateway/main.bicep @@ -125,7 +125,7 @@ param roleAssignments roleAssignmentType param lock lockType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/virtual-network-gateway/main.json b/modules/network/virtual-network-gateway/main.json index 091094caf3..eaa29a2c28 100644 --- a/modules/network/virtual-network-gateway/main.json +++ b/modules/network/virtual-network-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12621713101290509053" + "templateHash": "10499044138923307873" }, "name": "Virtual Network Gateways", "description": "This module deploys a Virtual Network Gateway.", @@ -448,7 +448,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } @@ -657,7 +657,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "968771326214380550" + "templateHash": "18404193892947466906" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -996,7 +996,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/virtual-network/README.md b/modules/network/virtual-network/README.md index 27ac904abb..6ae0427141 100644 --- a/modules/network/virtual-network/README.md +++ b/modules/network/virtual-network/README.md @@ -731,7 +731,6 @@ An Array of subnets to deploy to the Virtual Network. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `vnetEncryption` diff --git a/modules/network/virtual-network/main.bicep b/modules/network/virtual-network/main.bicep index 7bfff1e7f2..9e46d65ae8 100644 --- a/modules/network/virtual-network/main.bicep +++ b/modules/network/virtual-network/main.bicep @@ -47,7 +47,7 @@ param lock lockType param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/virtual-network/main.json b/modules/network/virtual-network/main.json index 970f28780d..767bf3b948 100644 --- a/modules/network/virtual-network/main.json +++ b/modules/network/virtual-network/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4487813661219607743" + "templateHash": "17994966106128873660" }, "name": "Virtual Networks", "description": "This module deploys a Virtual Network (vNet).", @@ -305,7 +305,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/virtual-wan/README.md b/modules/network/virtual-wan/README.md index 78d5f5ebf7..4a43dbc3ca 100644 --- a/modules/network/virtual-wan/README.md +++ b/modules/network/virtual-wan/README.md @@ -343,7 +343,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `type` diff --git a/modules/network/virtual-wan/main.bicep b/modules/network/virtual-wan/main.bicep index 12bdd5defc..b3d6f04fbe 100644 --- a/modules/network/virtual-wan/main.bicep +++ b/modules/network/virtual-wan/main.bicep @@ -28,7 +28,7 @@ param disableVpnEncryption bool = false param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/virtual-wan/main.json b/modules/network/virtual-wan/main.json index 92b46f097e..c359e2792f 100644 --- a/modules/network/virtual-wan/main.json +++ b/modules/network/virtual-wan/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10009504626840542150" + "templateHash": "16118078360254929709" }, "name": "Virtual WANs", "description": "This module deploys a Virtual WAN.", @@ -159,7 +159,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/vpn-gateway/README.md b/modules/network/vpn-gateway/README.md index 5328158034..c9b7d5e440 100644 --- a/modules/network/vpn-gateway/README.md +++ b/modules/network/vpn-gateway/README.md @@ -338,7 +338,6 @@ List of all the NAT Rules to associate with the gateway. Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `virtualHubResourceId` diff --git a/modules/network/vpn-gateway/main.bicep b/modules/network/vpn-gateway/main.bicep index 748199118f..98d2495329 100644 --- a/modules/network/vpn-gateway/main.bicep +++ b/modules/network/vpn-gateway/main.bicep @@ -30,7 +30,7 @@ param isRoutingPreferenceInternet bool = false param vpnGatewayScaleUnit int = 2 @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Optional. The lock settings of the service.') param lock lockType diff --git a/modules/network/vpn-gateway/main.json b/modules/network/vpn-gateway/main.json index 553c9b6c38..bd6b9d0262 100644 --- a/modules/network/vpn-gateway/main.json +++ b/modules/network/vpn-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "18343688551152828699" + "templateHash": "1887977315027479771" }, "name": "VPN Gateways", "description": "This module deploys a VPN Gateway.", @@ -103,7 +103,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." } diff --git a/modules/network/vpn-site/README.md b/modules/network/vpn-site/README.md index 59e4d270e4..13a2a17025 100644 --- a/modules/network/vpn-site/README.md +++ b/modules/network/vpn-site/README.md @@ -464,7 +464,6 @@ Required. The name of the role to assign. If it cannot be found you can specify Tags of the resource. - Required: No - Type: object -- Default: `{object}` ### Parameter: `virtualWanId` diff --git a/modules/network/vpn-site/main.bicep b/modules/network/vpn-site/main.bicep index 860a2fab72..a43605ce50 100644 --- a/modules/network/vpn-site/main.bicep +++ b/modules/network/vpn-site/main.bicep @@ -12,7 +12,7 @@ param virtualWanId string param location string = resourceGroup().location @description('Optional. Tags of the resource.') -param tags object = {} +param tags object? @description('Conditional. An array of IP address ranges that can be used by subnets of the virtual network. Required if no bgpProperties or VPNSiteLinks are configured.') param addressPrefixes array = [] diff --git a/modules/network/vpn-site/main.json b/modules/network/vpn-site/main.json index fe722b1c34..486e0953cf 100644 --- a/modules/network/vpn-site/main.json +++ b/modules/network/vpn-site/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6363080366806288405" + "templateHash": "9467816521347210128" }, "name": "VPN Sites", "description": "This module deploys a VPN Site.", @@ -127,7 +127,7 @@ }, "tags": { "type": "object", - "defaultValue": {}, + "nullable": true, "metadata": { "description": "Optional. Tags of the resource." }