Azure · eriqua · Feb 22, 2022 · Feb 21, 2022 · Feb 21, 2022 · Feb 21, 2022
@@ -97,6 +97,38 @@
                 }
             ]
         },
+        "topics": {
+            "value": [
+                {
+                    "name": "<<namePrefix>>-az-sbt-x-001",
+                    "roleAssignments": [
+                        {
+                            "roleDefinitionIdOrName": "Reader",
+                            "principalIds": [
+                                "<<deploymentSpId>>"
+                            ]
+                        }
+                    ],
+                    "authorizationRules": [
+                        {
+                            "name": "RootManageSharedAccessKey",
+                            "rights": [
+                                "Listen",
+                                "Manage",
+                                "Send"
+                            ]
+                        },
+                        {
+                            "name": "AnotherKey",
+                            "rights": [
+                                "Listen",
+                                "Send"
+                            ]
+                        }
+                    ]
+                }
+            ]
+        },
         "diagnosticLogsRetentionInDays": {
             "value": 7
         },

@@ -89,6 +89,9 @@ param baseTime string = utcNow('u')
 @description('Optional. The queues to create in the service bus namespace')
 param queues array = []
 
+@description('Optional. The topics to create in the service bus namespace')
+param topics array = []
+
 @description('Optional. The name of logs that will be streamed.')
 @allowed([
   'OperationalLogs'
@@ -234,6 +237,37 @@ module serviceBusNamespace_queues 'queues/deploy.bicep' = [for (queue, index) in
   }
 }]
 
+module serviceBusNamespace_topics 'topics/deploy.bicep' = [for (topic, index) in topics: {
+  name: '${uniqueString(deployment().name, location)}-Topic-${index}'
+  params: {
+    namespaceName: serviceBusNamespace.name
+    name: topic.name
+    authorizationRules: contains(topic, 'authorizationRules') ? topic.authorizationRules : [
+      {
+        name: 'RootManageSharedAccessKey'
+        rights: [
+          'Listen'
+          'Manage'
+          'Send'
+        ]
+      }
+    ]
+    autoDeleteOnIdle: contains(topic, 'autoDeleteOnIdle') ? topic.autoDeleteOnIdle : 'PT5M'
+    defaultMessageTimeToLive: contains(topic, 'defaultMessageTimeToLive') ? topic.defaultMessageTimeToLive : 'P14D'
+    duplicateDetectionHistoryTimeWindow: contains(topic, 'duplicateDetectionHistoryTimeWindow') ? topic.duplicateDetectionHistoryTimeWindow : 'PT10M'
+    enableBatchedOperations: contains(topic, 'enableBatchedOperations') ? topic.enableBatchedOperations : true
+    enableExpress: contains(topic, 'enableExpress') ? topic.enableExpress : false
+    enablePartitioning: contains(topic, 'enablePartitioning') ? topic.enablePartitioning : false
+    lock: contains(topic, 'lock') ? topic.lock : 'NotSpecified'
+    maxMessageSizeInKilobytes: contains(topic, 'maxMessageSizeInKilobytes') ? topic.maxMessageSizeInKilobytes : 1024
+    maxSizeInMegabytes: contains(topic, 'maxSizeInMegabytes') ? topic.maxSizeInMegabytes : 1024
+    requiresDuplicateDetection: contains(topic, 'requiresDuplicateDetection') ? topic.requiresDuplicateDetection : false
+    roleAssignments: contains(topic, 'roleAssignments') ? topic.roleAssignments : []
+    status: contains(topic, 'status') ? topic.status : 'Active'
+    supportOrdering: contains(topic, 'supportOrdering') ? topic.supportOrdering : false
+  }
+}]
+
 resource serviceBusNamespace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') {
   name: '${serviceBusNamespace.name}-${lock}-lock'
   properties: {

@@ -1,4 +1,4 @@
-# ServiceBus Queue `[Microsoft.ServiceBus/namespaces/queues]`
+# ServiceBus Namespace Queue `[Microsoft.ServiceBus/namespaces/queues]`
 
 This module deploys a queue for a service bus namespace.
 

@@ -18,6 +18,8 @@ This module deploys a service bus namespace resource.
 | `Microsoft.ServiceBus/namespaces/migrationConfigurations` | 2017-04-01 |
 | `Microsoft.ServiceBus/namespaces/queues` | 2021-06-01-preview |
 | `Microsoft.ServiceBus/namespaces/queues/authorizationRules` | 2017-04-01 |
+| `Microsoft.ServiceBus/namespaces/topics` | 2021-06-01-preview |
+| `Microsoft.ServiceBus/namespaces/topics/authorizationRules` | 2021-06-01-preview |
 | `Microsoft.ServiceBus/namespaces/virtualnetworkrules` | 2018-01-01-preview |
 
 ## Parameters
@@ -46,6 +48,7 @@ This module deploys a service bus namespace resource.
 | `skuName` | string | `Basic` | `[Basic, Standard, Premium]` | Required. Name of this SKU. - Basic, Standard, Premium |
 | `systemAssignedIdentity` | bool |  |  | Optional. Enables system assigned managed identity on the resource. |
 | `tags` | object | `{object}` |  | Optional. Tags of the resource. |
+| `topics` | _[topics](topics/readme.md)_ array | `[]` |  | Optional. The topics to create in the service bus namespace |
 | `userAssignedIdentities` | object | `{object}` |  | Optional. The ID(s) to assign to the resource. |
 | `virtualNetworkRules` | _[virtualNetworkRules](virtualNetworkRules/readme.md)_ array | `[]` |  | Optional. vNet Rules SubnetIds for the Service Bus namespace. |
 | `zoneRedundant` | bool |  |  | Optional. Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones. |
@@ -158,6 +161,8 @@ You can specify multiple user assigned identities to a resource by providing add
 - [Namespaces/Migrationconfigurations](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/migrationConfigurations)
 - [Namespaces/Queues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/queues)
 - [Namespaces/Queues/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/queues/authorizationRules)
+- [Namespaces/Topics](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/topics)
+- [Namespaces/Topics/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/topics/authorizationRules)
 - [Namespaces/Virtualnetworkrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2018-01-01-preview/namespaces/virtualnetworkrules)
 - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints)
 - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups)

@@ -0,0 +1 @@
+
@@ -0,0 +1,35 @@
+param principalIds array
+param roleDefinitionIdOrName string
+param resourceId string
+
+var builtInRoleNames = {
+  'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+  'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+  'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+  'Azure Service Bus Data Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419')
+  'Azure Service Bus Data Receiver': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0')
+  'Azure Service Bus Data Sender': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '69a216fc-b8fb-44d8-bc22-1f3c2cd27a39')
+  'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
+  'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
+  'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
+  'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
+  'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
+  'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
+  'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
+  'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
+  'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')
+  'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+}
+
+resource topic 'Microsoft.ServiceBus/namespaces/topics@2021-06-01-preview' existing = {
+  name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}'
+}
+
+resource roleAssigment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: {
+  name: guid(topic.name, principalId, roleDefinitionIdOrName)
+  properties: {
+    roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName
+    principalId: principalId
+  }
+  scope: topic
+}]
@@ -0,0 +1 @@
+
@@ -0,0 +1,49 @@
+@description('Required. The name of the service bus namespace topic')
+param name string
+
+@description('Required. The name of the parent service bus namespace')
+param namespaceName string
+
+@description('Required. The name of the parent service bus namespace topic')
+param topicName string
+
+@description('Optional. The rights associated with the rule.')
+@allowed([
+  'Listen'
+  'Manage'
+  'Send'
+])
+param rights array = []
+
+@description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered')
+param cuaId string = ''
+
+module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) {
+  name: 'pid-${cuaId}'
+  params: {}
+}
+
+resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing = {
+  name: namespaceName
+
+  resource topic 'topics@2021-06-01-preview' existing = {
+    name: topicName
+  }
+}
+
+resource authorizationRule 'Microsoft.ServiceBus/namespaces/topics/authorizationRules@2021-06-01-preview' = {
+  name: name
+  parent: namespace::topic
+  properties: {
+    rights: rights
+  }
+}
+
+@description('The name of the authorization rule.')
+output name string = authorizationRule.name
+
+@description('The Resource ID of the authorization rule.')
+output resourceId string = authorizationRule.id
+
+@description('The name of the Resource Group the authorization rule was created in.')
+output resourceGroupName string = resourceGroup().name
@@ -0,0 +1,31 @@
+# ServiceBus Namespace Topic Authorization Rules `[Microsoft.ServiceBus/namespaces/topics/authorizationRules]`
+
+This module deploys an authorization rule for a service bus namespace topic.
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.ServiceBus/namespaces/topics/authorizationRules` | 2021-06-01-preview |
+
+## Parameters
+
+| Parameter Name | Type | Default Value | Possible Values | Description |
+| :-- | :-- | :-- | :-- | :-- |
+| `cuaId` | string |  |  | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered |
+| `name` | string |  |  | Required. The name of the service bus namespace topic |
+| `namespaceName` | string |  |  | Required. The name of the parent service bus namespace |
+| `rights` | array | `[]` | `[Listen, Manage, Send]` | Optional. The rights associated with the rule. |
+| `topicName` | string |  |  | Required. The name of the parent service bus namespace topic |
+
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the authorization rule. |
+| `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. |
+| `resourceId` | string | The Resource ID of the authorization rule. |
+
+## Template references
+
+- [Namespaces/Topics/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/topics/authorizationRules)
@@ -0,0 +1,4 @@
+{
+    "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
+    "version": "0.4"
+}
@@ -0,0 +1,145 @@
+@description('Required. Name of the parent Service Bus Namespace for the Service Bus Topic.')
+@minLength(6)
+@maxLength(50)
+param namespaceName string
+
+@description('Required. Name of the Service Bus Topic.')
+@minLength(6)
+@maxLength(50)
+param name string
+
+@description('Optional. The maximum size of the topic in megabytes, which is the size of memory allocated for the topic. Default is 1024.')
+param maxSizeInMegabytes int = 1024
+
+@description('Optional. A value indicating if this topic requires duplicate detection.')
+param requiresDuplicateDetection bool = false
+
+@description('Optional. ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself.')
+param defaultMessageTimeToLive string = 'P14D'
+
+@description('Optional. Value that indicates whether server-side batched operations are enabled.')
+param enableBatchedOperations bool = true
+
+@description('Optional. ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes.')
+param duplicateDetectionHistoryTimeWindow string = 'PT10M'
+
+@description('Optional. Maximum size (in KB) of the message payload that can be accepted by the topic. This property is only used in Premium today and default is 1024.')
+param maxMessageSizeInKilobytes int = 1024
+
+@description('Optional. Value that indicates whether the topic supports ordering.')
+param supportOrdering bool = false
+
+@description('Optional. ISO 8601 timespan idle interval after which the topic is automatically deleted. The minimum duration is 5 minutes.')
+param autoDeleteOnIdle string = 'PT5M'
+
+@description('Optional. Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown')
+@allowed([
+  'Active'
+  'Disabled'
+  'Restoring'
+  'SendDisabled'
+  'ReceiveDisabled'
+  'Creating'
+  'Deleting'
+  'Renaming'
+  'Unknown'
+])
+param status string = 'Active'
+
+@description('Optional. A value that indicates whether the topic is to be partitioned across multiple message brokers.')
+param enablePartitioning bool = false
+
+@description('Optional. A value that indicates whether Express Entities are enabled. An express topic holds a message in memory temporarily before writing it to persistent storage.')
+param enableExpress bool = false
+
+@description('Optional. Authorization Rules for the Service Bus Topic')
+param authorizationRules array = [
+  {
+    name: 'RootManageSharedAccessKey'
+    properties: {
+      rights: [
+        'Listen'
+        'Manage'
+        'Send'
+      ]
+    }
+  }
+]
+
+@allowed([
+  'CanNotDelete'
+  'NotSpecified'
+  'ReadOnly'
+])
+@description('Optional. Specify the type of lock.')
+param lock string = 'NotSpecified'
+
+@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'')
+param roleAssignments array = []
+
+@description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered')
+param cuaId string = ''
+
+module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) {
+  name: 'pid-${cuaId}'
+  params: {}
+}
+
+resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing = {
+  name: namespaceName
+}
+
+resource topic 'Microsoft.ServiceBus/namespaces/topics@2021-06-01-preview' = {
+  name: name
+  parent: namespace
+  properties: {
+    autoDeleteOnIdle: autoDeleteOnIdle
+    defaultMessageTimeToLive: defaultMessageTimeToLive
+    duplicateDetectionHistoryTimeWindow: duplicateDetectionHistoryTimeWindow
+    enableBatchedOperations: enableBatchedOperations
+    enableExpress: enableExpress
+    enablePartitioning: enablePartitioning
+    maxMessageSizeInKilobytes: maxMessageSizeInKilobytes
+    maxSizeInMegabytes: maxSizeInMegabytes
+    requiresDuplicateDetection: requiresDuplicateDetection
+    status: status
+    supportOrdering: supportOrdering
+  }
+}
+
+module topic_authorizationRules 'authorizationRules/deploy.bicep' = [for (authorizationRule, index) in authorizationRules: {
+  name: '${deployment().name}-AuthRule-${index}'
+  params: {
+    namespaceName: namespaceName
+    topicName: topic.name
+    name: authorizationRule.name
+    rights: contains(authorizationRule, 'rights') ? authorizationRule.rights : []
+  }
+}]
+
+resource topic_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') {
+  name: '${topic.name}-${lock}-lock'
+  properties: {
+    level: lock
+    notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.'
+  }
+  scope: topic
+}
+
+module topic_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) in roleAssignments: {
+  name: '${deployment().name}-rbac-${index}'
+  params: {
+    principalIds: roleAssignment.principalIds
+    roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName
+    resourceId: topic.id
+  }
+}]
+
+@description('The name of the deployed topic')
+output name string = topic.name
+
+@description('The resource ID of the deployed topic')
+output resourceId string = topic.id
+
+@description('The resource group of the deployed topic')
+output resourceGroupName string = resourceGroup().name