From f376bc914f089374199fb93fad3592f54987f661 Mon Sep 17 00:00:00 2001 From: Marius Date: Mon, 28 Feb 2022 23:20:43 +0100 Subject: [PATCH 1/5] Additions to NFS fileshares --- .../fileServices/shares/deploy.bicep | 19 ++++++++++++++++++- .../fileServices/shares/readme.md | 6 ++++-- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep index 5c19a0f042..2c59b7a933 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep @@ -11,6 +11,21 @@ param name string @description('Optional. The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5TB (5120). For Large File Shares, the maximum size is 102400.') param sharedQuota int = 5120 +@allowed([ + 'NFS' + 'SMB' +]) +@description('Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share.') +param enabledProtocols string = 'SMB' + +@allowed([ + 'AllSquash' + 'NoRootSquash' + 'RootSquash' +]) +@description('Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares.') +param rootSquash string = 'NoRootSquash' + @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'') param roleAssignments array = [] 
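Review bot: The new `rootSquash` parameter defaults to `NoRootSquash`, the least restrictive of the three allowed values, so a caller who only sets `enabledProtocols` to `NFS` gets a share on which a client's root user keeps root rights. Since the description itself says NFS permissions are enforced by the client OS rather than by Azure Files, a safer module default would be `param rootSquash string = 'RootSquash'`, with `NoRootSquash` left as an explicit opt-in; if the current default is kept to mirror the service default, the description should say so. The `enabledProtocols` description could also state that access to an NFS share has to be restricted at the network level on the storage account, which this module does not configure as far as the patch shows. The same default reaches the resource unchanged in the next hunk and is repeated in the readme table.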
@@ -30,11 +45,13 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing } } -resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2019-06-01' = { +resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2021-08-01' = { name: name parent: storageAccount::fileService properties: { shareQuota: sharedQuota + rootSquash: enabledProtocols == 'NFS' ? rootSquash : null + enabledProtocols: enabledProtocols } } diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md index 1ce7b8757f..9037718da9 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md 
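Review bot: The conditional on `rootSquash` has no comment explaining why the value is dropped for SMB, and `enabledProtocols` is now sent on every deployment although its description says it can only be specified when creating a share. I would add `// rootSquash only applies to NFS shares; null omits it for SMB` above the property. The parameter description, declared in the previous hunk, should also note that changing `enabledProtocols` on an existing share is presumably rejected by the service rather than applied, so that a failed redeployment is not a surprise.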
@@ -7,16 +7,18 @@ This module deploys a storage account file share. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | -| `Microsoft.Storage/storageAccounts/fileServices/shares` | 2019-06-01 | +| `Microsoft.Storage/storageAccounts/fileServices/shares` | 2021-08-01 | ## Parameters | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `enabledProtocols` | string | `SMB` | `[NFS, SMB]` | Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share. | | `fileServicesName` | string | `default` | | Optional. The name of the file service | | `name` | string | | | Required. The name of the file share to create | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | +| `rootSquash` | string | `NoRootSquash` | `[AllSquash, NoRootSquash, RootSquash]` | Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares. | | `sharedQuota` | int | `5120` | | Optional. The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5TB (5120). For Large File Shares, the maximum size is 102400. | | `storageAccountName` | string | | | Required. Name of the Storage Account. | 
@@ -53,4 +55,4 @@ This module deploys a storage account file share. ## Template references - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/roleAssignments) -- [Storageaccounts/Fileservices/Shares](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/fileServices/shares) +- [Storageaccounts/Fileservices/Shares](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-08-01/storageAccounts/fileServices/shares) From 26abd2760ec174f656be8247741dde3edd5e99a8 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Fri, 4 Mar 2022 13:29:01 +0100 Subject: [PATCH 2/5] Added settings on ipConfiguration for nic to accept asg and LB --- .../virtualMachines/.bicep/nested_networkInterface.bicep | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep index b6c651a66d..b2cb9e37cc 100644 --- a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep +++ b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep @@ -73,6 +73,8 @@ resource networkInterface 'Microsoft.Network/networkInterfaces@2021-03-01' = { subnet: { id: ipConfiguration.subnetId } + loadBalancerBackendAddressPools: contains(ipConfiguration, 'loadBalancerBackendAddressPools') ? ipConfiguration.loadBalancerBackendAddressPools : null + applicationSecurityGroups: contains(ipConfiguration, 'applicationSecurityGroups') ? ipConfiguration.applicationSecurityGroups : null } }] } From d8180d9fcc405cbdd27abf95101f1479ed1c04f1 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 00:05:54 +0100 Subject: [PATCH 3/5] Added support and test for ASG and LB --- .../.parameters/linux.parameters.json | 12 +++++++++++- .../.parameters/windows.parameters.json | 13 ++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) 
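Review bot: Both new properties fall back to `null` when the key is absent from `ipConfiguration`, so a misspelled `applicationSecurityGroups` key deploys the NIC without any ASG membership and without an error. Where NSG rules are written against an ASG, that NIC would silently fall outside those rules. The expected keys and their shape (an array of objects with an `id`, as the test parameter files in this series use) should therefore be documented on the parameter that carries the ipConfigurations, which is declared outside this hunk. A short comment above the two lines, e.g. `// optional per-ipConfiguration keys; omitted when not supplied`, would also help. The `networkInterface` resource starts and ends outside the hunk.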
diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json index 6746a22b78..a8bf1eafc7 100644 --- a/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json +++ b/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json @@ -73,7 +73,17 @@ ] } ] - } + }, + "loadBalancerBackendAddressPools": [ + { + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-x-001/backendAddressPools/servers" + } + ], + "applicationSecurityGroups": [ + { + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" + } + ] } ], "roleAssignments": [ diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json index ba7024125f..764bad5977 100644 --- a/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json +++ b/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json @@ -62,7 +62,18 @@ ] } ] - } + }, + "loadBalancerBackendAddressPools": [ + { + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-x-001/backendAddressPools/servers" + } + ], + "applicationSecurityGroups": [ + { + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" + } + ] + } ], "roleAssignments": [ From 35c6d07f86d0e6aba0a403e70701fbfe6004ae11 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 00:09:36 +0100 Subject: [PATCH 4/5] fix vm api --- arm/.global/global.module.tests.ps1 | 2 +- .../virtualMachines/.bicep/nested_networkInterface.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/arm/.global/global.module.tests.ps1 b/arm/.global/global.module.tests.ps1 index 8583dfb678..e0ba482b08 100644 --- a/arm/.global/global.module.tests.ps1 +++ b/arm/.global/global.module.tests.ps1 @@ -847,7 +847,7 @@ Describe "API version tests [All apiVersions in the template should be 'recent'] } } - It 'In [] used resource type [] should use on of the recent API version(s). Currently using []' -TestCases $TestCases { + It 'In [] used resource type [] should use one of the recent API version(s). Currently using []' -TestCases $TestCases { param( $moduleName, $resourceType, diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep index b2cb9e37cc..233a4e0c40 100644 --- a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep +++ b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep @@ -50,7 +50,7 @@ module networkInterface_publicIPConfigurations 'nested_networkInterface_publicIP } }] -resource networkInterface 'Microsoft.Network/networkInterfaces@2021-03-01' = { +resource networkInterface 'Microsoft.Network/networkInterfaces@2021-05-01' = { name: networkInterfaceName location: location tags: tags From db2c3ca27bae88ab8f4251275cca728de512bf10 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 6 Mar 2022 11:03:03 +0100 Subject: [PATCH 5/5] dependency module change name --- .../virtualMachines/.parameters/linux.parameters.json | 2 +- .../virtualMachines/.parameters/windows.parameters.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json index a8bf1eafc7..efb494bb0e 100644 --- a/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json +++ b/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json 
@@ -76,7 +76,7 @@ }, "loadBalancerBackendAddressPools": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-x-001/backendAddressPools/servers" + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" } ], "applicationSecurityGroups": [ diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json index 764bad5977..3757f97f11 100644 --- a/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json +++ b/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json @@ -65,7 +65,7 @@ }, "loadBalancerBackendAddressPools": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-x-001/backendAddressPools/servers" + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" } ], "applicationSecurityGroups": [