Azure · MariusStorhaug · Mar 5, 2022 · Feb 28, 2022 · Mar 4, 2022 · Mar 4, 2022
@@ -43,6 +43,7 @@ stages:
           removeDeployment: '${{ parameters.removeDeployment }}'
           deploymentBlocks:
             - path: $(modulePath)/.parameters/min.parameters.json
+            - path: $(modulePath)/.parameters/nfs.parameters.json
             - path: $(modulePath)/.parameters/parameters.json
             - path: $(modulePath)/.parameters/v1.parameters.json
 

@@ -82,7 +82,7 @@ jobs:
       fail-fast: false
       matrix:
         parameterFilePaths:
-          ['parameters.json', 'min.parameters.json', 'v1.parameters.json']
+          ['parameters.json', 'min.parameters.json', 'nfs.parameters.json', 'v1.parameters.json']
     steps:
       - name: 'Checkout'
         uses: actions/checkout@v2

@@ -0,0 +1,64 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "<<namePrefix>>azsax002"
+        },
+        "storageAccountSku": {
+            "value": "Premium_LRS"
+        },
+        "storageAccountKind": {
+            "value": "FileStorage"
+        },
+        "allowBlobPublicAccess": {
+            "value": false
+        },
+        "supportsHttpsTrafficOnly": {
+            "value": false
+        },
+        "fileServices": {
+            "value": {
+                "shares": [
+                    {
+                        "name": "nfsfileshare",
+                        "enabledProtocols": "NFS"
+                    }
+                ]
+            }
+        },
+        "systemAssignedIdentity": {
+            "value": true
+        },
+        "userAssignedIdentities": {
+            "value": {
+                "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
+            }
+        },
+        "roleAssignments": {
+            "value": [
+                {
+                    "roleDefinitionIdOrName": "Reader",
+                    "principalIds": [
+                        "<<deploymentSpId>>"
+                    ]
+                }
+            ]
+        },
+        "diagnosticLogsRetentionInDays": {
+            "value": 7
+        },
+        "diagnosticStorageAccountId": {
+            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
+        },
+        "diagnosticWorkspaceId": {
+            "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<<namePrefix>>-az-law-x-001"
+        },
+        "diagnosticEventHubAuthorizationRuleId": {
+            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<<namePrefix>>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+        },
+        "diagnosticEventHubName": {
+            "value": "adp-<<namePrefix>>-az-evh-x-001"
+        }
+    }
+}
@@ -31,7 +31,6 @@ This module can be used to deploy a blob service into a storage account.
 | `name` | string | `default` |  | Optional. The name of the blob service |
 | `storageAccountName` | string |  |  | Required. Name of the Storage Account. |
 
-
 ## Outputs
 
 | Output Name | Type | Description |

@@ -108,11 +108,13 @@ resource fileServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@
 }
 
 module fileServices_shares 'shares/deploy.bicep' = [for (share, index) in shares: {
-  name: '${deployment().name}-File-${index}'
+  name: '${deployment().name}-shares-${index}'
   params: {
     storageAccountName: storageAccount.name
     fileServicesName: fileServices.name
     name: share.name
+    enabledProtocols: contains(share, 'enabledProtocols') ? share.enabledProtocols : 'SMB'
+    rootSquash: contains(share, 'rootSquash') ? share.rootSquash : 'NoRootSquash'
     sharedQuota: contains(share, 'sharedQuota') ? share.sharedQuota : 5120
     roleAssignments: contains(share, 'roleAssignments') ? share.roleAssignments : []
   }

@@ -11,6 +11,21 @@ param name string
 @description('Optional. The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5TB (5120). For Large File Shares, the maximum size is 102400.')
 param sharedQuota int = 5120
 
+@allowed([
+    'NFS'
+    'SMB'
+])
+@description('Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share.')
+param enabledProtocols string = 'SMB'
+
+@allowed([
+    'AllSquash'
+    'NoRootSquash'
+    'RootSquash'
+])
+@description('Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares.')
+param rootSquash string = 'NoRootSquash'
+
 @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'')
 param roleAssignments array = []
 
@@ -30,11 +45,13 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing
   }
 }
 
-resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2019-06-01' = {
+resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2021-08-01' = {
   name: name
   parent: storageAccount::fileService
   properties: {
     shareQuota: sharedQuota
+    rootSquash: enabledProtocols == 'NFS' ? rootSquash : null
+    enabledProtocols: enabledProtocols
   }
 }
 

@@ -7,16 +7,18 @@ This module deploys a storage account file share.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview |
-| `Microsoft.Storage/storageAccounts/fileServices/shares` | 2019-06-01 |
+| `Microsoft.Storage/storageAccounts/fileServices/shares` | 2021-08-01 |
 
 ## Parameters
 
 | Parameter Name | Type | Default Value | Possible Values | Description |
 | :-- | :-- | :-- | :-- | :-- |
 | `cuaId` | string |  |  | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered |
+| `enabledProtocols` | string | `SMB` | `[NFS, SMB]` | Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share. |
 | `fileServicesName` | string | `default` |  | Optional. The name of the file service |
 | `name` | string |  |  | Required. The name of the file share to create |
 | `roleAssignments` | array | `[]` |  | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' |
+| `rootSquash` | string | `NoRootSquash` | `[AllSquash, NoRootSquash, RootSquash]` | Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares. |
 | `sharedQuota` | int | `5120` |  | Optional. The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5TB (5120). For Large File Shares, the maximum size is 102400. |
 | `storageAccountName` | string |  |  | Required. Name of the Storage Account. |
 
@@ -53,4 +55,4 @@ This module deploys a storage account file share.
 ## Template references
 
 - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/roleAssignments)
-- [Storageaccounts/Fileservices/Shares](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/fileServices/shares)
+- [Storageaccounts/Fileservices/Shares](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-08-01/storageAccounts/fileServices/shares)
@@ -27,7 +27,6 @@ This module can be used to deploy a file share service into a storage account.
 | `queues` | _[queues](queues/readme.md)_ array | `[]` |  | Optional. Queues to create. |
 | `storageAccountName` | string |  |  | Required. Name of the Storage Account. |
 
-
 ## Outputs
 
 | Output Name | Type | Description |