From ffc824bc16ab0f5894c1651a34f9d924290f9f7b Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 10 Mar 2022 18:47:52 +0100 Subject: [PATCH 01/10] Update to latest --- .../diagnosticSettings/deploy.bicep | 15 +++++++++++++++ .../diagnosticSettings/readme.md | 1 + 2 files changed, 16 insertions(+) diff --git a/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep b/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep index 71d8eb855c..67b1bd705b 100644 --- a/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep +++ b/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep @@ -44,6 +44,9 @@ param logsToEnable array = [ 'ResourceHealth' ] +@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + var diagnosticsLogs = [for log in logsToEnable: { category: log enabled: true @@ -53,6 +56,18 @@ var diagnosticsLogs = [for log in logsToEnable: { } }] +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = { name: name properties: { diff --git a/arm/Microsoft.Insights/diagnosticSettings/readme.md b/arm/Microsoft.Insights/diagnosticSettings/readme.md index f225ac5394..0d31f3d458 100644 --- a/arm/Microsoft.Insights/diagnosticSettings/readme.md +++ b/arm/Microsoft.Insights/diagnosticSettings/readme.md 
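Review bot: The new `enableDefaultTelemetry` parameter defaults to `true`, so every consumer of this module is opted in without choosing to, and the `@description` text says only "Enable telemetry". I would state the default and the effect on the parameter itself, for example `@description('Optional. Defaults to true. When true, an empty nested deployment named pid-<GUID>-<hash> is created at the deployment scope for Customer Usage Attribution; set to false to opt out.')`. The same description string is reused in every deploy.bicep and readme.md touched by patches 01–04, so the readme rows would need the same sentence.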
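Review bot: The added `defaultTelemetry` resource declares `name` and `properties` but no `location`. Azure Resource Manager generally requires a location on a `Microsoft.Resources/deployments` resource created at subscription or management-group scope, and the readme describes this module as a subscription-wide export; the `targetScope` line is outside the hunk, so confirm this with a what-if or test deployment. If the scope is not a resource group, add `location: deployment().location` (or the module's `location` parameter where one exists) under `name`. The same block is repeated unchanged in the management-group and subscription modules of patches 02–04, including policyExemptions, roleAssignments, policyAssignments and policyDefinitions.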
@@ -17,6 +17,7 @@ This module deploys a subscription wide export of the activity log. | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | | `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `logsToEnable` | array | `[Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth]` | `[Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth]` | Optional. The name of logs that will be streamed. | | `name` | string | `[format('{0}-ActivityLog', uniqueString(subscription().id))]` | | Optional. Name of the ActivityLog diagnostic settings. | From 15bb7ee150f8c3eaa3fcae96291b0110277be7f8 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 10 Mar 2022 18:50:55 +0100 Subject: [PATCH 02/10] Update to latest --- .../policyExemptions/deploy.bicep | 15 +++++++++++++++ .../policyExemptions/managementGroup/deploy.bicep | 15 +++++++++++++++ .../policyExemptions/managementGroup/readme.md | 1 + .../policyExemptions/readme.md | 1 + .../policyExemptions/subscription/deploy.bicep | 15 +++++++++++++++ .../policyExemptions/subscription/readme.md | 1 + 6 files changed, 48 insertions(+) diff --git a/arm/Microsoft.Authorization/policyExemptions/deploy.bicep b/arm/Microsoft.Authorization/policyExemptions/deploy.bicep index 5f89ad16f7..0ab2370f2a 100644 --- a/arm/Microsoft.Authorization/policyExemptions/deploy.bicep +++ b/arm/Microsoft.Authorization/policyExemptions/deploy.bicep 
@@ -42,6 +42,21 @@ param resourceGroupName string = '' @sys.description('Optional. Location for all resources.') param location string = deployment().location +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + module policyExemption_mg 'managementGroup/deploy.bicep' = if (empty(subscriptionId) && empty(resourceGroupName)) { name: '${uniqueString(deployment().name, location)}-PolicyExemption-MG-Module' scope: managementGroup(managementGroupId) diff --git a/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep index c1f1169e93..d87a8d0718 100644 --- a/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep +++ b/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep 
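Review bot: Setting `enableDefaultTelemetry` to `false` on this wrapper does not reach the child modules: all 15 added lines in this file are the parameter and the `defaultTelemetry` resource, so the `policyExemption_mg` module call (its body continues outside the hunk) gains no new argument. `managementGroup/deploy.bicep` and `subscription/deploy.bicep` each declare their own `enableDefaultTelemetry` with default `true`, so they would still create a `pid-` deployment after the caller has opted out, and an opted-in run would be attributed twice. Pass the flag through in each module's `params`, e.g. `enableDefaultTelemetry: enableDefaultTelemetry`, or pass `false` to the children and emit the marker only here. The `policyAssignments/deploy.bicep` and `policyDefinitions/deploy.bicep` hunks in patch 04 have the same shape.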
@@ -33,6 +33,21 @@ param expiresOn string = '' @sys.description('Optional. The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment.') param managementGroupId string = managementGroup().name +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + resource policyExemption 'Microsoft.Authorization/policyExemptions@2020-07-01-preview' = { name: name properties: { diff --git a/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md b/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md index 3ac4570161..2650c770fa 100644 --- a/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md +++ b/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md 
@@ -14,6 +14,7 @@ With this module you can create policy exemptions on a management group level. | :-- | :-- | :-- | :-- | :-- | | `description` | string | | | Optional. The description of the policy exemption. | | `displayName` | string | | | Optional. The display name of the policy assignment. Maximum length is 128 characters. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `exemptionCategory` | string | `Mitigated` | `[Mitigated, Waiver]` | Optional. The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated | | `expiresOn` | string | | | Optional. The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. | diff --git a/arm/Microsoft.Authorization/policyExemptions/readme.md b/arm/Microsoft.Authorization/policyExemptions/readme.md index 6936706c51..57be93ea6d 100644 --- a/arm/Microsoft.Authorization/policyExemptions/readme.md +++ b/arm/Microsoft.Authorization/policyExemptions/readme.md 
@@ -14,6 +14,7 @@ With this module you can create policy exemptions across the management group, s | :-- | :-- | :-- | :-- | :-- | | `description` | string | | | Optional. The description of the policy exemption. | | `displayName` | string | | | Optional. The display name of the policy exemption. Maximum length is 128 characters. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `exemptionCategory` | string | `Mitigated` | `[Mitigated, Waiver]` | Optional. The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated | | `expiresOn` | string | | | Optional. The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z | | `location` | string | `[deployment().location]` | | Optional. Location for all resources. | diff --git a/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep b/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep index 9d8678ebb4..2fec3817f7 100644 --- a/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep +++ b/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep 
@@ -33,6 +33,21 @@ param expiresOn string = '' @sys.description('Optional. The subscription ID of the subscription to be exempted from the policy assignment. If not provided, will use the current scope for deployment.') param subscriptionId string = subscription().subscriptionId +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + resource policyExemption 'Microsoft.Authorization/policyExemptions@2020-07-01-preview' = { name: name properties: { diff --git a/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md b/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md index 111d447838..dd60c9e262 100644 --- a/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md +++ b/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md 
@@ -14,6 +14,7 @@ With this module you can create policy exemptions on a subscription level. | :-- | :-- | :-- | :-- | :-- | | `description` | string | | | Optional. The description of the policy exemption. | | `displayName` | string | | | Optional. The display name of the policy exemption. Maximum length is 128 characters. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `exemptionCategory` | string | `Mitigated` | `[Mitigated, Waiver]` | Optional. The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated | | `expiresOn` | string | | | Optional. The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z | | `metadata` | object | `{object}` | | Optional. The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | From 3587086e3bbc9a535482bf6715af65ac64e08f83 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 10 Mar 2022 18:52:58 +0100 Subject: [PATCH 03/10] Update to latest --- .../roleAssignments/managementGroup/deploy.bicep | 15 +++++++++++++++ .../roleAssignments/managementGroup/readme.md | 1 + .../roleAssignments/subscription/deploy.bicep | 15 +++++++++++++++ .../roleAssignments/subscription/readme.md | 1 + 4 files changed, 32 insertions(+) diff --git a/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep index 1bc2e4ce88..0ccf2e8137 100644 --- a/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep +++ b/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep 
@@ -35,6 +35,9 @@ param conditionVersion string = '2.0' ]) param principalType string = '' +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + var builtInRoleNames_var = { 'AcrPush': '/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec' 'API Management Service Contributor': '/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c' @@ -321,6 +324,18 @@ var builtInRoleNames_var = { var roleDefinitionId_var = (contains(builtInRoleNames_var, roleDefinitionIdOrName) ? builtInRoleNames_var[roleDefinitionIdOrName] : roleDefinitionIdOrName) +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = { name: guid(managementGroupId, roleDefinitionId_var, principalId) properties: { diff --git a/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md b/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md index 10e98eb01b..10c47b32e9 100644 --- a/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md +++ b/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md 
@@ -16,6 +16,7 @@ With this module you can perform role assignments on a management group level | `conditionVersion` | string | `2.0` | `[2.0]` | Optional. Version of the condition. Currently accepted value is "2.0" | | `delegatedManagedIdentityResourceId` | string | | | Optional. ID of the delegated managed identity resource | | `description` | string | | | Optional. Description of role assignment | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | | `principalId` | string | | | Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity) | | `principalType` | string | | `[ServicePrincipal, Group, User, ForeignGroup, Device, ]` | Optional. The principal type of the assigned principal ID. | diff --git a/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep b/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep index bf5f0fcd9b..b5600f9379 100644 --- a/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep +++ b/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep @@ -35,6 +35,9 @@ param conditionVersion string = '2.0' ]) param principalType string = '' +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + var builtInRoleNames_var = { 'AcrPush': '/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec' 'API Management Service Contributor': '/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c' 
@@ -319,6 +322,18 @@ var builtInRoleNames_var = { 'Azure Maps Contributor': '/providers/Microsoft.Authorization/roleDefinitions/dba33070-676a-4fb0-87fa-064dc56ff7fb' } +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + var roleDefinitionId_var = (contains(builtInRoleNames_var, roleDefinitionIdOrName) ? builtInRoleNames_var[roleDefinitionIdOrName] : roleDefinitionIdOrName) resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = { diff --git a/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md b/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md index 54917e3356..c85644fcfd 100644 --- a/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md +++ b/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md 
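Review bot: The `defaultTelemetry` resource is inserted ahead of `var roleDefinitionId_var` here, whereas `roleAssignments/managementGroup/deploy.bicep` places it after that variable, directly above `roleAssignment`. Keeping the same order in both files lets these two near-identical RBAC modules be compared line by line in review. Moving the block below the `roleDefinitionId_var` line would match the management-group variant.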
@@ -16,6 +16,7 @@ With this module you can perform role assignments on a subscription level | `conditionVersion` | string | `2.0` | `[2.0]` | Optional. Version of the condition. Currently accepted value is "2.0" | | `delegatedManagedIdentityResourceId` | string | | | Optional. ID of the delegated managed identity resource | | `description` | string | | | Optional. Description of role assignment | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `principalId` | string | | | Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity) | | `principalType` | string | | `[ServicePrincipal, Group, User, ForeignGroup, Device, ]` | Optional. The principal type of the assigned principal ID. | | `roleDefinitionIdOrName` | string | | | Required. You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | From 392a49163b82257a90c636e73d53d88f7db6930d Mon Sep 17 00:00:00 2001 
From: MrMCake
Date: Thu, 10 Mar 2022 18:57:54 +0100
Subject: [PATCH 04/10] Update to latest
---
.../policyAssignments/deploy.bicep | 15 +++++++++++++++
.../managementGroup/deploy.bicep | 15 +++++++++++++++
.../policyAssignments/managementGroup/readme.md | 1 +
.../policyAssignments/readme.md | 1 +
.../policyAssignments/subscription/deploy.bicep | 15 +++++++++++++++
.../policyAssignments/subscription/readme.md | 1 +
.../policyDefinitions/deploy.bicep | 15 +++++++++++++++
.../managementGroup/deploy.bicep | 15 +++++++++++++++
.../policyDefinitions/managementGroup/readme.md | 1 +
.../policyDefinitions/readme.md | 1 +
.../policyDefinitions/subscription/deploy.bicep | 15 +++++++++++++++
.../policyDefinitions/subscription/readme.md | 1 +
.../policySetDefinitions/deploy.bicep | 15 +++++++++++++++
.../managementGroup/deploy.bicep | 15 +++++++++++++++
.../managementGroup/readme.md | 1 +
.../policySetDefinitions/readme.md | 1 +
.../subscription/deploy.bicep | 15 +++++++++++++++
.../policySetDefinitions/subscription/readme.md | 1 +
.../roleAssignments/deploy.bicep | 15 +++++++++++++++
.../roleAssignments/readme.md | 1 +
.../roleDefinitions/deploy.bicep | 15 +++++++++++++++
.../roleDefinitions/managementGroup/deploy.bicep | 15 +++++++++++++++
.../roleDefinitions/managementGroup/readme.md | 1 +
.../roleDefinitions/readme.md | 1 +
.../roleDefinitions/subscription/deploy.bicep | 15 +++++++++++++++
.../roleDefinitions/subscription/readme.md | 1 +
26 files changed, 208 insertions(+)
diff --git a/arm/Microsoft.Authorization/policyAssignments/deploy.bicep b/arm/Microsoft.Authorization/policyAssignments/deploy.bicep
index 7e5c1b1e83..300be967bf 100644
--- a/arm/Microsoft.Authorization/policyAssignments/deploy.bicep
+++ b/arm/Microsoft.Authorization/policyAssignments/deploy.bicep
@@ -54,6 +54,21 @@ param notScopes array = [] @sys.description('Optional. Location for all resources.') param location string = deployment().location +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + module policyAssignment_mg 'managementGroup/deploy.bicep' = if (empty(subscriptionId) && empty(resourceGroupName)) { name: '${uniqueString(deployment().name, location)}-PolicyAssignment-MG-Module' scope: managementGroup(managementGroupId) diff --git a/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep index 7cfbb78895..eb16c6956a 100644 --- a/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep +++ b/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep 
@@ -53,10 +53,25 @@ var nonComplianceMessage_var = { message: !empty(nonComplianceMessage) ? nonComplianceMessage : null } +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + var identity_var = identity == 'SystemAssigned' ? { type: identity } : null +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = { name: name location: location diff --git a/arm/Microsoft.Authorization/policyAssignments/managementGroup/readme.md b/arm/Microsoft.Authorization/policyAssignments/managementGroup/readme.md index 1f527ccc17..3ef12af8bd 100644 --- a/arm/Microsoft.Authorization/policyAssignments/managementGroup/readme.md +++ b/arm/Microsoft.Authorization/policyAssignments/managementGroup/readme.md 
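Review bot: `param enableDefaultTelemetry` is declared between `var nonComplianceMessage_var` and `var identity_var` here, so the module's opt-out switch sits in the middle of the variable section. Moving the two added lines above `var nonComplianceMessage_var`, next to the other parameters, keeps every caller-settable input in one place for a reader checking what the module exposes. The surrounding declarations start outside the hunk, so the exact position of the last existing `param` needs checking in the full file.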
@@ -15,6 +15,7 @@ With this module you can perform policy assignments on a management group level. | :-- | :-- | :-- | :-- | :-- | | `description` | string | | | Optional. This message will be part of response in case of policy violation. | | `displayName` | string | | | Optional. The display name of the policy assignment. Maximum length is 128 characters. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `enforcementMode` | string | `Default` | `[Default, DoNotEnforce]` | Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce | | `identity` | string | `SystemAssigned` | `[SystemAssigned, None]` | Optional. The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | | `location` | string | `[deployment().location]` | | Optional. Location for all resources. | diff --git a/arm/Microsoft.Authorization/policyAssignments/readme.md b/arm/Microsoft.Authorization/policyAssignments/readme.md index b7cc490356..df7db22640 100644 --- a/arm/Microsoft.Authorization/policyAssignments/readme.md +++ b/arm/Microsoft.Authorization/policyAssignments/readme.md 
@@ -15,6 +15,7 @@ With this module you can perform policy assignments across the management group, | :-- | :-- | :-- | :-- | :-- | | `description` | string | | | Optional. This message will be part of response in case of policy violation. | | `displayName` | string | | | Optional. The display name of the policy assignment. Maximum length is 128 characters. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `enforcementMode` | string | `Default` | `[Default, DoNotEnforce]` | Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce | | `identity` | string | `SystemAssigned` | `[SystemAssigned, None]` | Optional. The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | | `location` | string | `[deployment().location]` | | Optional. Location for all resources. | diff --git a/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep b/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep index d13fbf2e89..9df8ce15ec 100644 --- a/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep +++ b/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep 
@@ -53,10 +53,25 @@ var nonComplianceMessage_var = { @sys.description('Optional. The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment.') param subscriptionId string = subscription().subscriptionId +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + var identity_var = identity == 'SystemAssigned' ? { type: identity } : null +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = { name: name location: location diff --git a/arm/Microsoft.Authorization/policyAssignments/subscription/readme.md b/arm/Microsoft.Authorization/policyAssignments/subscription/readme.md index 0214edc0c3..d5943d97e5 100644 --- a/arm/Microsoft.Authorization/policyAssignments/subscription/readme.md +++ b/arm/Microsoft.Authorization/policyAssignments/subscription/readme.md 
@@ -15,6 +15,7 @@ With this module you can perform policy assignments on a subscription level. | :-- | :-- | :-- | :-- | :-- | | `description` | string | | | Optional. This message will be part of response in case of policy violation. | | `displayName` | string | | | Optional. The display name of the policy assignment. Maximum length is 128 characters. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `enforcementMode` | string | `Default` | `[Default, DoNotEnforce]` | Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce | | `identity` | string | `SystemAssigned` | `[SystemAssigned, None]` | Optional. The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | | `location` | string | `[deployment().location]` | | Optional. Location for all resources. | diff --git a/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep b/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep index 198a9be60f..1aefba8da0 100644 --- a/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep +++ b/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep 
@@ -39,6 +39,21 @@ param subscriptionId string = '' @sys.description('Optional. Location for all resources.') param location string = deployment().location +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + module policyDefinition_mg 'managementGroup/deploy.bicep' = if (empty(subscriptionId)) { name: '${uniqueString(deployment().name, location)}-PolicyDefinition-MG-Module' scope: managementGroup(managementGroupId) diff --git a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep index 2e0046ff26..5771bc0b23 100644 --- a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep +++ b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep 
@@ -33,6 +33,21 @@ param policyRule object @sys.description('Optional. The group ID of the Management Group. If not provided, will use the current scope for deployment.') param managementGroupId string = managementGroup().name +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + resource policyDefinition 'Microsoft.Authorization/policyDefinitions@2021-06-01' = { name: name properties: { diff --git a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md index ba5d7fe803..bfe2719bc8 100644 --- a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md +++ b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md 
@@ -14,6 +14,7 @@ With this module you can create policy definitions on a management group level. | :-- | :-- | :-- | :-- | :-- | | `description` | string | | | Optional. The policy definition description. | | `displayName` | string | | | Optional. The display name of the policy definition. Maximum length is 128 characters. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. The group ID of the Management Group. If not provided, will use the current scope for deployment. | | `metadata` | object | `{object}` | | Optional. The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | | `mode` | string | `All` | `[All, Indexed, Microsoft.KeyVault.Data, Microsoft.ContainerService.Data, Microsoft.Kubernetes.Data]` | Optional. The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | diff --git a/arm/Microsoft.Authorization/policyDefinitions/readme.md b/arm/Microsoft.Authorization/policyDefinitions/readme.md index 5190891a52..336f86aef8 100644 --- a/arm/Microsoft.Authorization/policyDefinitions/readme.md +++ b/arm/Microsoft.Authorization/policyDefinitions/readme.md 
@@ -14,6 +14,7 @@ With this module you can create policy definitions across the management group o | :-- | :-- | :-- | :-- | :-- | | `description` | string | | | Optional. The policy definition description. | | `displayName` | string | | | Optional. The display name of the policy definition. Maximum length is 128 characters. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | | `metadata` | object | `{object}` | | Optional. The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | diff --git a/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep b/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep index b99c23225c..f7f14a96d8 100644 --- a/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep +++ b/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep 
@@ -33,6 +33,21 @@ param policyRule object @sys.description('Optional. The subscription ID of the subscription') param subscriptionId string = subscription().subscriptionId +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + resource policyDefinition 'Microsoft.Authorization/policyDefinitions@2021-06-01' = { name: name properties: { diff --git a/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md b/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md index 4f47add459..90de7e498b 100644 --- a/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md +++ b/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md 
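Review bot: The `defaultTelemetry` resource added to policyDefinitions/subscription/deploy.bicep has no `location`, and a `Microsoft.Resources/deployments` resource deployed at subscription or management-group scope needs one. The target scope is not visible in this hunk, so this is inferred from the module path. Patch 07 of this series adds `location: location` under `name:` for roleDefinitions/deploy.bicep only. The same line looks to be missing in the policySetDefinitions hunks (root, managementGroup, subscription), in roleAssignments/deploy.bicep, and in the roleDefinitions managementGroup and subscription hunks. Where a `location` parameter is already in scope, as in policySetDefinitions/deploy.bicep, add `location: location`; where none is visible, the module needs a location source first, for example `deployment().location`.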
@@ -14,6 +14,7 @@ With this module you can create policy definitions on a subscription level. | :-- | :-- | :-- | :-- | :-- | | `description` | string | | | Optional. The policy definition description. | | `displayName` | string | | | Optional. The display name of the policy definition. Maximum length is 128 characters. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `metadata` | object | `{object}` | | Optional. The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | | `mode` | string | `All` | `[All, Indexed, Microsoft.KeyVault.Data, Microsoft.ContainerService.Data, Microsoft.Kubernetes.Data]` | Optional. The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | | `name` | string | | | Required. Specifies the name of the policy definition. Maximum length is 64 characters. | diff --git a/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep b/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep index 7aef6f5258..063a7b5d90 100644 --- a/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep +++ b/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep 
@@ -32,6 +32,21 @@ param parameters object = {} @sys.description('Optional. Location for all resources.') param location string = deployment().location +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + module policySetDefinition_mg 'managementGroup/deploy.bicep' = if (empty(subscriptionId)) { name: '${uniqueString(deployment().name, location)}-PolicySetDefinition-MG-Module' scope: managementGroup(managementGroupId) diff --git a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep index 192012e44d..d735154b5d 100644 --- a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep +++ b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep 
@@ -26,6 +26,21 @@ param policyDefinitionGroups array = [] @sys.description('Optional. The Set Definition (Initiative) parameters that can be used in policy definition references.') param parameters object = {} +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + resource policySetDefinition 'Microsoft.Authorization/policySetDefinitions@2021-06-01' = { name: name properties: { diff --git a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md index 17ed1856b0..e0368addc0 100644 --- a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md +++ b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md 
@@ -14,6 +14,7 @@ With this module you can create policy set definitions on a management group lev | :-- | :-- | :-- | :-- | :-- | | `description` | string | | | Optional. The description name of the Set Definition (Initiative) | | `displayName` | string | | | Optional. The display name of the Set Definition (Initiative). Maximum length is 128 characters. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. The group ID of the Management Group. If not provided, will use the current scope for deployment. | | `metadata` | object | `{object}` | | Optional. The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | | `name` | string | | | Required. Specifies the name of the policy Set Definition (Initiative). Maximum length is 24 characters for management group scope. | diff --git a/arm/Microsoft.Authorization/policySetDefinitions/readme.md b/arm/Microsoft.Authorization/policySetDefinitions/readme.md index f2f27209c0..0ac4730310 100644 --- a/arm/Microsoft.Authorization/policySetDefinitions/readme.md +++ b/arm/Microsoft.Authorization/policySetDefinitions/readme.md 
@@ -14,6 +14,7 @@ With this module you can create policy set definitions across the management gro | :-- | :-- | :-- | :-- | :-- | | `description` | string | | | Optional. The description name of the Set Definition (Initiative) | | `displayName` | string | | | Optional. The display name of the Set Definition (Initiative). Maximum length is 128 characters. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | | `metadata` | object | `{object}` | | Optional. The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | diff --git a/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep b/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep index 236bc90c5c..b35c20f3fd 100644 --- a/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep +++ b/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep 
@@ -26,6 +26,21 @@ param policyDefinitionGroups array = [] @sys.description('Optional. The Set Definition (Initiative) parameters that can be used in policy definition references.') param parameters object = {} +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + resource policySetDefinition 'Microsoft.Authorization/policySetDefinitions@2021-06-01' = { name: name properties: { diff --git a/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md b/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md index 11a83a542b..9cae11577f 100644 --- a/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md +++ b/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md 
@@ -14,6 +14,7 @@ With this module you can create policy set definitions on a subscription level. | :-- | :-- | :-- | :-- | :-- | | `description` | string | | | Optional. The description name of the Set Definition (Initiative) | | `displayName` | string | | | Optional. The display name of the Set Definition (Initiative). Maximum length is 128 characters. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `metadata` | object | `{object}` | | Optional. The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | | `name` | string | | | Required. Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. | | `parameters` | object | `{object}` | | Optional. The Set Definition (Initiative) parameters that can be used in policy definition references. | diff --git a/arm/Microsoft.Authorization/roleAssignments/deploy.bicep b/arm/Microsoft.Authorization/roleAssignments/deploy.bicep index 01a069ea86..c8146cecba 100644 --- a/arm/Microsoft.Authorization/roleAssignments/deploy.bicep +++ b/arm/Microsoft.Authorization/roleAssignments/deploy.bicep 
@@ -44,6 +44,21 @@ param conditionVersion string = '2.0' ]) param principalType string = '' +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + module roleAssignment_mg 'managementGroup/deploy.bicep' = if (empty(subscriptionId) && empty(resourceGroupName)) { name: '${uniqueString(deployment().name, location)}-RoleAssignment-MG-Module' scope: managementGroup(managementGroupId) diff --git a/arm/Microsoft.Authorization/roleAssignments/readme.md b/arm/Microsoft.Authorization/roleAssignments/readme.md index bbfb50fcc2..9bb90f1017 100644 --- a/arm/Microsoft.Authorization/roleAssignments/readme.md +++ b/arm/Microsoft.Authorization/roleAssignments/readme.md 
@@ -16,6 +16,7 @@ This module deploys Role Assignments across the management group, subscription o | `conditionVersion` | string | `2.0` | `[2.0]` | Optional. Version of the condition. Currently accepted value is "2.0" | | `delegatedManagedIdentityResourceId` | string | | | Optional. ID of the delegated managed identity resource | | `description` | string | | | Optional. Description of role assignment | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | | `principalId` | string | | | Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity) | diff --git a/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep index 2fed913ce9..1bf3c34402 100644 --- a/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep +++ b/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep 
@@ -33,6 +33,21 @@ param location string = deployment().location @sys.description('Optional. Role definition assignable scopes. If not provided, will use the current scope provided.') param assignableScopes array = [] +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + module roleDefinition_mg 'managementGroup/deploy.bicep' = if (empty(subscriptionId) && empty(resourceGroupName)) { name: '${uniqueString(deployment().name, location)}-RoleDefinition-MG-Module' scope: managementGroup(managementGroupId) diff --git a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep index b915817aa6..4d5bb27077 100644 --- a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep +++ b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep 
@@ -18,6 +18,21 @@ param managementGroupId string = managementGroup().name @sys.description('Optional. Role definition assignable scopes. If not provided, will use the current scope provided.') param assignableScopes array = [] +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + resource roleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { name: guid(roleName, managementGroupId) properties: { diff --git a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md index 50dc65f01f..4f0f28d370 100644 --- a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md +++ b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md 
@@ -15,6 +15,7 @@ With this module you can create role definitions on a management group level | `actions` | array | `[]` | | Optional. List of allowed actions. | | `assignableScopes` | array | `[]` | | Optional. Role definition assignable scopes. If not provided, will use the current scope provided. | | `description` | string | | | Optional. Description of the custom RBAC role to be created. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | | `notActions` | array | `[]` | | Optional. List of denied actions. | | `roleName` | string | | | Required. Name of the custom RBAC role to be created. | diff --git a/arm/Microsoft.Authorization/roleDefinitions/readme.md b/arm/Microsoft.Authorization/roleDefinitions/readme.md index 5df05a8322..19ce0ecbec 100644 --- a/arm/Microsoft.Authorization/roleDefinitions/readme.md +++ b/arm/Microsoft.Authorization/roleDefinitions/readme.md 
@@ -16,6 +16,7 @@ This module deploys custom RBAC Role Definitions across the management group, su | `assignableScopes` | array | `[]` | | Optional. Role definition assignable scopes. If not provided, will use the current scope provided. | | `dataActions` | array | `[]` | | Optional. List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes | | `description` | string | | | Optional. Description of the custom RBAC role to be created. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | | `notActions` | array | `[]` | | Optional. List of denied actions. | diff --git a/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep index abc70bc7f8..be9d4812b2 100644 --- a/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep +++ b/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep 
@@ -24,6 +24,21 @@ param subscriptionId string = subscription().subscriptionId @sys.description('Optional. Role definition assignable scopes. If not provided, will use the current scope provided.') param assignableScopes array = [] +@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + resource roleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { name: guid(roleName, subscriptionId) properties: { diff --git a/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md b/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md index 950830c0cd..cbd393a57d 100644 --- a/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md +++ b/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md 
@@ -16,6 +16,7 @@ With this module you can create role definitions on a subscription level | `assignableScopes` | array | `[]` | | Optional. Role definition assignable scopes. If not provided, will use the current scope provided. | | `dataActions` | array | `[]` | | Optional. List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes | | `description` | string | | | Optional. Description of the custom RBAC role to be created. | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `notActions` | array | `[]` | | Optional. List of denied actions. | | `notDataActions` | array | `[]` | | Optional. List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes | | `roleName` | string | | | Required. Name of the custom RBAC role to be created. | From 39191b20004a7f8d8ec8eef8d239b173c16265b7 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 10 Mar 2022 22:07:47 +0100 Subject: [PATCH 05/10] Added addition check in pipeline --- .../pipelineTemplates/jobs.validateModuleDeployment.yml | 4 ++-- .github/actions/templates/validateModuleDeployment/action.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml b/.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml index 4e89156966..bf3d32009d 100644 --- a/.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml +++ b/.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml 
@@ -241,7 +241,7 @@ jobs: } $projectSettings = Get-Content -Path 'settings.json' | ConvertFrom-Json - if (-not [String]::IsNullOrEmpty($projectSettings.enableDefaultTelemetry)) { + if (-not [String]::IsNullOrEmpty($projectSettings.enableDefaultTelemetry) -and (Get-Content -Path $functionInput.templateFilePath -Raw) -like '*param enableDefaultTelemetry*') { $functionInput['additionalParameters'] += @{ enableDefaultTelemetry = $projectSettings.enableDefaultTelemetry } @@ -291,7 +291,7 @@ jobs: } $projectSettings = Get-Content -Path 'settings.json' | ConvertFrom-Json - if (-not [String]::IsNullOrEmpty($projectSettings.enableDefaultTelemetry)) { + if (-not [String]::IsNullOrEmpty($projectSettings.enableDefaultTelemetry) -and (Get-Content -Path $functionInput.templateFilePath -Raw) -like '*param enableDefaultTelemetry*') { $functionInput['additionalParameters'] += @{ enableDefaultTelemetry = $projectSettings.enableDefaultTelemetry } diff --git a/.github/actions/templates/validateModuleDeployment/action.yml b/.github/actions/templates/validateModuleDeployment/action.yml index 97bcc17ec1..ac57bd1e42 100644 --- a/.github/actions/templates/validateModuleDeployment/action.yml +++ b/.github/actions/templates/validateModuleDeployment/action.yml @@ -154,7 +154,7 @@ runs: } $projectSettings = Get-Content -Path 'settings.json' | ConvertFrom-Json - if (-not [String]::IsNullOrEmpty($projectSettings.enableDefaultTelemetry)) { + if (-not [String]::IsNullOrEmpty($projectSettings.enableDefaultTelemetry) -and (Get-Content -Path $functionInput.templateFilePath -Raw) -like '*param enableDefaultTelemetry*') { $functionInput['additionalParameters'] += @{ enableDefaultTelemetry = $projectSettings.enableDefaultTelemetry } 
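Review bot: The added `-like '*param enableDefaultTelemetry*'` test is a raw substring match on the template text, so it also succeeds when the phrase appears only in a comment or a description string. In that case the pipeline would still pass `enableDefaultTelemetry` to a template that does not declare it, which is what the check appears meant to prevent. It also misses a declaration written with different spacing. A line-anchored match is tighter: `(Get-Content -Path $functionInput.templateFilePath -Raw) -match '(?m)^\s*param\s+enableDefaultTelemetry\b'`. The identical condition is repeated in the second hunk of this file and in both hunks of .github/actions/templates/validateModuleDeployment/action.yml, and the `if` body closes outside each hunk.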
@@ -191,7 +191,7 @@ runs: } $projectSettings = Get-Content -Path 'settings.json' | ConvertFrom-Json - if (-not [String]::IsNullOrEmpty($projectSettings.enableDefaultTelemetry)) { + if (-not [String]::IsNullOrEmpty($projectSettings.enableDefaultTelemetry) -and (Get-Content -Path $functionInput.templateFilePath -Raw) -like '*param enableDefaultTelemetry*') { $functionInput['additionalParameters'] += @{ enableDefaultTelemetry = $projectSettings.enableDefaultTelemetry } From 996bc3ed594ffa0b51e56e16c861e9050a899a67 Mon Sep 17 00:00:00 2001 
From: MrMCake Date: Thu, 10 Mar 2022 22:14:31 +0100 Subject: [PATCH 06/10] Removed cuaID files --- .../resourceGroup/.bicep/nested_cuaId.bicep | 1 - .../resourceGroup/.bicep/nested_cuaId.bicep | 1 - .../resourceGroup/.bicep/nested_cuaId.bicep | 1 - .../resourceGroup/.bicep/nested_cuaId.bicep | 1 - .../replications/.bicep/nested_cuaId.bicep | 1 - .../systemTopics/.bicep/nested_cuaId.bicep | 1 - .../privateDnsZones/A/.bicep/nested_cuaId.bicep | 1 - .../AAAA/.bicep/nested_cuaId.bicep | 1 - .../CNAME/.bicep/nested_cuaId.bicep | 1 - .../MX/.bicep/nested_cuaId.bicep | 1 - .../PTR/.bicep/nested_cuaId.bicep | 1 - .../SOA/.bicep/nested_cuaId.bicep | 1 - .../SRV/.bicep/nested_cuaId.bicep | 1 - .../TXT/.bicep/nested_cuaId.bicep | 1 - .../vpnGateways/.bicep/nested_cuaId.bicep | 1 - .../connections/.bicep/nested_cuaId.bicep | 1 - .../natRules/.bicep/nested_cuaId.bicep | 1 - .../vpnSites/.bicep/nested_cuaId.bicep | 1 - .../staticSites/.bicep/nested_cuaId.bicep | 1 - arm/Microsoft.Web/staticSites/deploy.bicep | 17 ++++++++++++----- 20 files changed, 12 insertions(+), 24 deletions(-) delete mode 100644 arm/Microsoft.Authorization/policyAssignments/resourceGroup/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Authorization/policyExemptions/resourceGroup/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Authorization/roleAssignments/resourceGroup/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Authorization/roleDefinitions/resourceGroup/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.ContainerRegistry/registries/replications/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.EventGrid/systemTopics/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Network/privateDnsZones/A/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_cuaId.bicep delete mode 100644 
arm/Microsoft.Network/privateDnsZones/MX/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Network/vpnGateways/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Network/vpnGateways/connections/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Network/vpnGateways/natRules/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Network/vpnSites/.bicep/nested_cuaId.bicep delete mode 100644 arm/Microsoft.Web/staticSites/.bicep/nested_cuaId.bicep diff --git a/arm/Microsoft.Authorization/policyAssignments/resourceGroup/.bicep/nested_cuaId.bicep b/arm/Microsoft.Authorization/policyAssignments/resourceGroup/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Authorization/policyAssignments/resourceGroup/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Authorization/policyExemptions/resourceGroup/.bicep/nested_cuaId.bicep b/arm/Microsoft.Authorization/policyExemptions/resourceGroup/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Authorization/policyExemptions/resourceGroup/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Authorization/roleAssignments/resourceGroup/.bicep/nested_cuaId.bicep b/arm/Microsoft.Authorization/roleAssignments/resourceGroup/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Authorization/roleAssignments/resourceGroup/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - 
diff --git a/arm/Microsoft.Authorization/roleDefinitions/resourceGroup/.bicep/nested_cuaId.bicep b/arm/Microsoft.Authorization/roleDefinitions/resourceGroup/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Authorization/roleDefinitions/resourceGroup/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.ContainerRegistry/registries/replications/.bicep/nested_cuaId.bicep b/arm/Microsoft.ContainerRegistry/registries/replications/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.ContainerRegistry/registries/replications/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.EventGrid/systemTopics/.bicep/nested_cuaId.bicep b/arm/Microsoft.EventGrid/systemTopics/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.EventGrid/systemTopics/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Network/privateDnsZones/A/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/privateDnsZones/A/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Network/privateDnsZones/A/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - 
diff --git a/arm/Microsoft.Network/privateDnsZones/MX/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/privateDnsZones/MX/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Network/privateDnsZones/MX/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Network/vpnGateways/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/vpnGateways/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Network/vpnGateways/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - 
diff --git a/arm/Microsoft.Network/vpnGateways/connections/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/vpnGateways/connections/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Network/vpnGateways/connections/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Network/vpnGateways/natRules/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/vpnGateways/natRules/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Network/vpnGateways/natRules/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Network/vpnSites/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/vpnSites/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Network/vpnSites/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Web/staticSites/.bicep/nested_cuaId.bicep b/arm/Microsoft.Web/staticSites/.bicep/nested_cuaId.bicep deleted file mode 100644 index 8b13789179..0000000000 --- a/arm/Microsoft.Web/staticSites/.bicep/nested_cuaId.bicep +++ /dev/null @@ -1 +0,0 @@ - diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep index 03ff5d5251..3c4efe5f2d 100644 --- a/arm/Microsoft.Web/staticSites/deploy.bicep +++ b/arm/Microsoft.Web/staticSites/deploy.bicep 
@@ -71,8 +71,8 @@ param privateEndpoints array = [] @description('Optional. Tags of the resource.') param tags object = {} -@description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered.') -param cuaId string = '' +@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] @@ -84,9 +84,16 @@ var identity = identityType != 'None' ? { userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null } : null -module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { - name: 'pid-${cuaId}' - params: {} +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } } resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = { From 51b44d38e0a736cf8d38bfecd195ee6cfd2f2da8 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 10 Mar 2022 22:16:50 +0100 Subject: [PATCH 07/10] Update to latest --- arm/Microsoft.Authorization/roleDefinitions/deploy.bicep | 1 + 1 file changed, 1 insertion(+) diff --git a/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep index 1bf3c34402..42dd117d81 100644 
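Review bot: The new `enableDefaultTelemetry` parameter in the first staticSites hunk defaults to `true`, which flips usage attribution from opt-in to opt-out: the removed `cuaId` defaulted to `''`, so the `pid-` deployment was skipped unless a caller supplied a GUID. Callers that still pass `cuaId` will also fail, since the parameter is removed rather than deprecated. The description should state the default and the way out, e.g. `@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). Enabled by default; set to false to opt out.')`. In the second hunk the attribution GUID is now fixed in the `defaultTelemetry` name, so a short comment above the resource such as `// Empty nested deployment (resources: []) used only for usage attribution.` would let an auditor see at a glance that it deploys nothing.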
--- a/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep +++ b/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep @@ -38,6 +38,7 @@ param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { From c632b4696365728a99a3f8a61f4d4aa15c711cae Mon Sep 17 00:00:00 2001 
From: MrMCake Date: Thu, 10 Mar 2022 22:47:12 +0100 Subject: [PATCH 08/10] Update cua for authorization with location --- .../policyAssignments/managementGroup/deploy.bicep | 1 + .../policyAssignments/subscription/deploy.bicep | 1 + arm/Microsoft.Authorization/policyDefinitions/deploy.bicep | 2 ++ .../policyDefinitions/managementGroup/deploy.bicep | 4 ++++ .../policyDefinitions/managementGroup/readme.md | 1 + .../policyDefinitions/subscription/deploy.bicep | 4 ++++ .../policyDefinitions/subscription/readme.md | 1 + arm/Microsoft.Authorization/policyExemptions/deploy.bicep | 3 +++ .../policyExemptions/managementGroup/deploy.bicep | 4 ++++ .../policyExemptions/managementGroup/readme.md | 1 + .../policyExemptions/subscription/deploy.bicep | 4 ++++ .../policyExemptions/subscription/readme.md | 1 + arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep | 3 +++ .../policySetDefinitions/managementGroup/deploy.bicep | 4 ++++ .../policySetDefinitions/managementGroup/readme.md | 1 + .../policySetDefinitions/subscription/deploy.bicep | 4 ++++ .../policySetDefinitions/subscription/readme.md | 1 + arm/Microsoft.Authorization/roleAssignments/deploy.bicep | 3 +++ .../roleAssignments/managementGroup/deploy.bicep | 4 ++++ .../roleAssignments/managementGroup/readme.md | 1 + .../roleAssignments/subscription/deploy.bicep | 4 ++++ .../roleAssignments/subscription/readme.md | 1 + arm/Microsoft.Authorization/roleDefinitions/deploy.bicep | 2 ++ .../roleDefinitions/managementGroup/deploy.bicep | 4 ++++ .../roleDefinitions/managementGroup/readme.md | 1 + .../roleDefinitions/subscription/deploy.bicep | 4 ++++ .../roleDefinitions/subscription/readme.md | 1 + 27 files changed, 65 insertions(+) diff --git a/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep index eb16c6956a..46e36f9645 100644 --- a/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep 
+++ b/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep @@ -62,6 +62,7 @@ var identity_var = identity == 'SystemAssigned' ? { resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep b/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep index 9df8ce15ec..60fd27bf10 100644 --- a/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep +++ b/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep @@ -62,6 +62,7 @@ var identity_var = identity == 'SystemAssigned' ? { resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep b/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep index 1aefba8da0..f02c50027d 100644 --- a/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep +++ b/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep @@ -66,6 +66,7 @@ module policyDefinition_mg 'managementGroup/deploy.bicep' = if (empty(subscripti metadata: !empty(metadata) ? metadata : {} parameters: !empty(parameters) ? parameters : {} policyRule: policyRule + location: location } } @@ -81,6 +82,7 @@ module policyDefinition_sub 'subscription/deploy.bicep' = if (!empty(subscriptio metadata: !empty(metadata) ? metadata : {} parameters: !empty(parameters) ? parameters : {} policyRule: policyRule + location: location } } 
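Review bot: The `policyDefinition_mg` and `policyDefinition_sub` module calls in the two policyDefinitions/deploy.bicep hunks now forward `location`, but the visible parameter lists do not forward `enableDefaultTelemetry`. Later hunks in this patch show each child module (managementGroup/deploy.bicep, subscription/deploy.bicep) declaring its own `enableDefaultTelemetry bool = true` and its own `defaultTelemetry` deployment, so a consumer who sets the flag to `false` on the parent would presumably still get the child's attribution deployment. Unless the flag is already passed above the hunk (both `params` blocks start outside it), add `enableDefaultTelemetry: enableDefaultTelemetry` next to `location: location`, assuming the parent declares the flag as its sibling modules do. The same applies to the policyExemptions, policySetDefinitions, roleAssignments and roleDefinitions parent modules changed later in this patch.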
diff --git a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep index 5771bc0b23..72920d688c 100644 --- a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep +++ b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep @@ -33,11 +33,15 @@ param policyRule object @sys.description('Optional. The group ID of the Management Group. If not provided, will use the current scope for deployment.') param managementGroupId string = managementGroup().name +@sys.description('Optional. Location for all resources.') +param location string = deployment().location + @sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md index bfe2719bc8..40b5ea28b6 100644 --- a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md +++ b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md 
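Review bot: The description `'Optional. Location for all resources.'` on the new `location` parameter does not match its use: in this hunk the value is consumed only by the `defaultTelemetry` nested deployment, where it sets the region that holds the deployment's metadata. Wording such as `@sys.description('Optional. Location for the deployment metadata of the telemetry deployment.')` would be accurate, and the generated readme rows would follow it. Whether `location` is read anywhere else in the file cannot be seen from the hunk. The same description is added in the subscription sibling and in the policyExemptions, policySetDefinitions, roleAssignments and roleDefinitions child modules in this patch.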
@@ -15,6 +15,7 @@ With this module you can create policy definitions on a management group level. | `description` | string | | | Optional. The policy definition description. | | `displayName` | string | | | Optional. The display name of the policy definition. Maximum length is 128 characters. | | `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. The group ID of the Management Group. If not provided, will use the current scope for deployment. | | `metadata` | object | `{object}` | | Optional. The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | | `mode` | string | `All` | `[All, Indexed, Microsoft.KeyVault.Data, Microsoft.ContainerService.Data, Microsoft.Kubernetes.Data]` | Optional. The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | diff --git a/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep b/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep index f7f14a96d8..cd6f480468 100644 --- a/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep +++ b/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep 
@@ -33,11 +33,15 @@ param policyRule object @sys.description('Optional. The subscription ID of the subscription') param subscriptionId string = subscription().subscriptionId +@sys.description('Optional. Location for all resources.') +param location string = deployment().location + @sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md b/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md index 90de7e498b..f6c5d7d6ad 100644 --- a/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md +++ b/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md 
@@ -15,6 +15,7 @@ With this module you can create policy definitions on a subscription level. | `description` | string | | | Optional. The policy definition description. | | `displayName` | string | | | Optional. The display name of the policy definition. Maximum length is 128 characters. | | `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `metadata` | object | `{object}` | | Optional. The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | | `mode` | string | `All` | `[All, Indexed, Microsoft.KeyVault.Data, Microsoft.ContainerService.Data, Microsoft.Kubernetes.Data]` | Optional. The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | | `name` | string | | | Required. Specifies the name of the policy definition. Maximum length is 64 characters. | diff --git a/arm/Microsoft.Authorization/policyExemptions/deploy.bicep b/arm/Microsoft.Authorization/policyExemptions/deploy.bicep index 0ab2370f2a..13c4652945 100644 --- a/arm/Microsoft.Authorization/policyExemptions/deploy.bicep +++ b/arm/Microsoft.Authorization/policyExemptions/deploy.bicep @@ -47,6 +47,7 @@ param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { @@ -70,6 +71,7 @@ module policyExemption_mg 'managementGroup/deploy.bicep' = if (empty(subscriptio policyDefinitionReferenceIds: !empty(policyDefinitionReferenceIds) ? policyDefinitionReferenceIds : [] expiresOn: !empty(expiresOn) ? expiresOn : '' managementGroupId: managementGroupId + location: location } } 
@@ -86,6 +88,7 @@ module policyExemption_sub 'subscription/deploy.bicep' = if (!empty(subscription policyDefinitionReferenceIds: !empty(policyDefinitionReferenceIds) ? policyDefinitionReferenceIds : [] expiresOn: !empty(expiresOn) ? expiresOn : '' subscriptionId: subscriptionId + location: location } } diff --git a/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep index d87a8d0718..d3843fa673 100644 --- a/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep +++ b/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep @@ -33,11 +33,15 @@ param expiresOn string = '' @sys.description('Optional. The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment.') param managementGroupId string = managementGroup().name +@sys.description('Optional. Location for all resources.') +param location string = deployment().location + @sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md b/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md index 2650c770fa..831d46387c 100644 --- a/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md +++ b/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md 
@@ -17,6 +17,7 @@ With this module you can create policy exemptions on a management group level. | `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `exemptionCategory` | string | `Mitigated` | `[Mitigated, Waiver]` | Optional. The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated | | `expiresOn` | string | | | Optional. The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. | | `metadata` | object | `{object}` | | Optional. The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | | `name` | string | | | Required. Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. | diff --git a/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep b/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep index 2fec3817f7..84db8b97da 100644 --- a/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep +++ b/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep 
@@ -33,11 +33,15 @@ param expiresOn string = '' @sys.description('Optional. The subscription ID of the subscription to be exempted from the policy assignment. If not provided, will use the current scope for deployment.') param subscriptionId string = subscription().subscriptionId +@sys.description('Optional. Location for all resources.') +param location string = deployment().location + @sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md b/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md index dd60c9e262..3f59663251 100644 --- a/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md +++ b/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md 
@@ -17,6 +17,7 @@ With this module you can create policy exemptions on a subscription level. | `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `exemptionCategory` | string | `Mitigated` | `[Mitigated, Waiver]` | Optional. The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated | | `expiresOn` | string | | | Optional. The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `metadata` | object | `{object}` | | Optional. The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | | `name` | string | | | Required. Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. | | `policyAssignmentId` | string | | | Required. The resource ID of the policy assignment that is being exempted. | diff --git a/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep b/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep index 063a7b5d90..83f59917ce 100644 --- a/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep +++ b/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep @@ -37,6 +37,7 @@ param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { @@ -59,6 +60,7 @@ module policySetDefinition_mg 'managementGroup/deploy.bicep' = if (empty(subscri policyDefinitions: policyDefinitions policyDefinitionGroups: !empty(policyDefinitionGroups) ? policyDefinitionGroups : [] managementGroupId: managementGroupId + location: location } } 
@@ -74,6 +76,7 @@ module policySetDefinition_sub 'subscription/deploy.bicep' = if (!empty(subscrip policyDefinitions: policyDefinitions policyDefinitionGroups: !empty(policyDefinitionGroups) ? policyDefinitionGroups : [] subscriptionId: subscriptionId + location: location } } diff --git a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep index d735154b5d..028bdd3b25 100644 --- a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep +++ b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep @@ -26,11 +26,15 @@ param policyDefinitionGroups array = [] @sys.description('Optional. The Set Definition (Initiative) parameters that can be used in policy definition references.') param parameters object = {} +@sys.description('Optional. Location for all resources.') +param location string = deployment().location + @sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md index e0368addc0..b6503fbdf8 100644 --- a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md +++ b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md 
@@ -15,6 +15,7 @@ With this module you can create policy set definitions on a management group lev | `description` | string | | | Optional. The description name of the Set Definition (Initiative) | | `displayName` | string | | | Optional. The display name of the Set Definition (Initiative). Maximum length is 128 characters. | | `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. The group ID of the Management Group. If not provided, will use the current scope for deployment. | | `metadata` | object | `{object}` | | Optional. The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | | `name` | string | | | Required. Specifies the name of the policy Set Definition (Initiative). Maximum length is 24 characters for management group scope. | diff --git a/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep b/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep index b35c20f3fd..3474e4acd6 100644 --- a/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep +++ b/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep 
@@ -26,11 +26,15 @@ param policyDefinitionGroups array = [] @sys.description('Optional. The Set Definition (Initiative) parameters that can be used in policy definition references.') param parameters object = {} +@sys.description('Optional. Location for all resources.') +param location string = deployment().location + @sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md b/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md index 9cae11577f..bb77375e7c 100644 --- a/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md +++ b/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md 
@@ -15,6 +15,7 @@ With this module you can create policy set definitions on a subscription level. | `description` | string | | | Optional. The description name of the Set Definition (Initiative) | | `displayName` | string | | | Optional. The display name of the Set Definition (Initiative). Maximum length is 128 characters. | | `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `metadata` | object | `{object}` | | Optional. The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | | `name` | string | | | Required. Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. | | `parameters` | object | `{object}` | | Optional. The Set Definition (Initiative) parameters that can be used in policy definition references. | diff --git a/arm/Microsoft.Authorization/roleAssignments/deploy.bicep b/arm/Microsoft.Authorization/roleAssignments/deploy.bicep index c8146cecba..c45027f8cc 100644 --- a/arm/Microsoft.Authorization/roleAssignments/deploy.bicep +++ b/arm/Microsoft.Authorization/roleAssignments/deploy.bicep @@ -49,6 +49,7 @@ param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { @@ -71,6 +72,7 @@ module roleAssignment_mg 'managementGroup/deploy.bicep' = if (empty(subscription delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : '' conditionVersion: conditionVersion condition: !empty(condition) ? condition : '' + location: location } } 
@@ -86,6 +88,7 @@ module roleAssignment_sub 'subscription/deploy.bicep' = if (!empty(subscriptionI delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : '' conditionVersion: conditionVersion condition: !empty(condition) ? condition : '' + location: location } } diff --git a/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep index 0ccf2e8137..2eaa4187c4 100644 --- a/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep +++ b/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep @@ -38,6 +38,9 @@ param principalType string = '' @sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true +@sys.description('Optional. Location for all resources.') +param location string = deployment().location + var builtInRoleNames_var = { 'AcrPush': '/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec' 'API Management Service Contributor': '/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c' @@ -326,6 +329,7 @@ var roleDefinitionId_var = (contains(builtInRoleNames_var, roleDefinitionIdOrNam resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md b/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md index 10c47b32e9..d54f8fd802 100644 --- a/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md +++ b/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md 
@@ -17,6 +17,7 @@ With this module you can perform role assignments on a management group level | `delegatedManagedIdentityResourceId` | string | | | Optional. ID of the delegated managed identity resource | | `description` | string | | | Optional. Description of role assignment | | `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | | `principalId` | string | | | Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity) | | `principalType` | string | | `[ServicePrincipal, Group, User, ForeignGroup, Device, ]` | Optional. The principal type of the assigned principal ID. | diff --git a/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep b/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep index b5600f9379..0e1242f2cf 100644 --- a/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep +++ b/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep @@ -18,6 +18,9 @@ param delegatedManagedIdentityResourceId string = '' @sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to') param condition string = '' +@sys.description('Optional. Location for all resources.') +param location string = deployment().location + @sys.description('Optional. Version of the condition. Currently accepted value is "2.0"') @allowed([ '2.0' 
@@ -324,6 +327,7 @@ var builtInRoleNames_var = { resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md b/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md index c85644fcfd..54fdd3b58f 100644 --- a/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md +++ b/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md @@ -17,6 +17,7 @@ With this module you can perform role assignments on a subscription level | `delegatedManagedIdentityResourceId` | string | | | Optional. ID of the delegated managed identity resource | | `description` | string | | | Optional. Description of role assignment | | `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `principalId` | string | | | Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity) | | `principalType` | string | | `[ServicePrincipal, Group, User, ForeignGroup, Device, ]` | Optional. The principal type of the assigned principal ID. | | `roleDefinitionIdOrName` | string | | | Required. You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | diff --git a/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep index 42dd117d81..1044d7dcb9 100644 --- a/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep +++ b/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep 
@@ -59,6 +59,7 @@ module roleDefinition_mg 'managementGroup/deploy.bicep' = if (empty(subscription notActions: !empty(notActions) ? notActions : [] assignableScopes: !empty(assignableScopes) ? assignableScopes : [] managementGroupId: managementGroupId + location: location } } @@ -74,6 +75,7 @@ module roleDefinition_sub 'subscription/deploy.bicep' = if (!empty(subscriptionI notDataActions: !empty(notDataActions) ? notDataActions : [] assignableScopes: !empty(assignableScopes) ? assignableScopes : [] subscriptionId: subscriptionId + location: location } } diff --git a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep index 4d5bb27077..b311e1da3f 100644 --- a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep +++ b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep @@ -18,11 +18,15 @@ param managementGroupId string = managementGroup().name @sys.description('Optional. Role definition assignable scopes. If not provided, will use the current scope provided.') param assignableScopes array = [] +@sys.description('Optional. Location for all resources.') +param location string = deployment().location + @sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md index 4f0f28d370..c631402ee8 100644 --- a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md +++ b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md 
@@ -16,6 +16,7 @@ With this module you can create role definitions on a management group level | `assignableScopes` | array | `[]` | | Optional. Role definition assignable scopes. If not provided, will use the current scope provided. | | `description` | string | | | Optional. Description of the custom RBAC role to be created. | | `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `managementGroupId` | string | `[managementGroup().name]` | | Optional. The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | | `notActions` | array | `[]` | | Optional. List of denied actions. | | `roleName` | string | | | Required. Name of the custom RBAC role to be created. | diff --git a/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep index be9d4812b2..d4ee8ae956 100644 --- a/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep +++ b/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep 
@@ -24,11 +24,15 @@ param subscriptionId string = subscription().subscriptionId @sys.description('Optional. Role definition assignable scopes. If not provided, will use the current scope provided.') param assignableScopes array = [] +@sys.description('Optional. Location for all resources.') +param location string = deployment().location + @sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md b/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md index cbd393a57d..7ba5758b26 100644 --- a/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md +++ b/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md @@ -17,6 +17,7 @@ With this module you can create role definitions on a subscription level | `dataActions` | array | `[]` | | Optional. List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes | | `description` | string | | | Optional. Description of the custom RBAC role to be created. | | `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `notActions` | array | `[]` | | Optional. List of denied actions. | | `notDataActions` | array | `[]` | | Optional. List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes | | `roleName` | string | | | Required. Name of the custom RBAC role to be created. | 
From eaf38a5be216593fd7bb4c90c753b9183513fc3c Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 10 Mar 2022 23:00:39 +0100 Subject: [PATCH 09/10] Fixed further modules --- .../registrationDefinitions/deploy.bicep | 4 ++++ .../registrationDefinitions/readme.md | 1 + .../managementGroups/deploy.bicep | 4 ++++ .../managementGroups/readme.md | 1 + .../resourceGroups/deploy.bicep | 1 + arm/Microsoft.Resources/tags/deploy.bicep | 20 +++++++++++++++++++ arm/Microsoft.Resources/tags/readme.md | 2 ++ .../tags/resourceGroups/deploy.bicep | 15 ++++++++++++++ .../tags/resourceGroups/readme.md | 1 + .../tags/subscriptions/deploy.bicep | 19 ++++++++++++++++++ .../tags/subscriptions/readme.md | 2 ++ 11 files changed, 70 insertions(+) diff --git a/arm/Microsoft.ManagedServices/registrationDefinitions/deploy.bicep b/arm/Microsoft.ManagedServices/registrationDefinitions/deploy.bicep index 3073a8c38f..a897e60da0 100644 --- a/arm/Microsoft.ManagedServices/registrationDefinitions/deploy.bicep +++ b/arm/Microsoft.ManagedServices/registrationDefinitions/deploy.bicep @@ -15,6 +15,9 @@ param authorizations array @description('Optional. Specify the name of the Resource Group to delegate access to. If not provided, delegation will be done on the targeted subscription.') param resourceGroupName string = '' +@description('Optional. Location for all resources.') +param location string = deployment().location + @description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true @@ -22,6 +25,7 @@ var registrationId = empty(resourceGroupName) ? guid(managedByTenantId, subscrip resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { 
diff --git a/arm/Microsoft.ManagedServices/registrationDefinitions/readme.md b/arm/Microsoft.ManagedServices/registrationDefinitions/readme.md index d9a18ec165..59c25b4dc2 100644 --- a/arm/Microsoft.ManagedServices/registrationDefinitions/readme.md +++ b/arm/Microsoft.ManagedServices/registrationDefinitions/readme.md @@ -19,6 +19,7 @@ remote/managing tenant. | :-- | :-- | :-- | :-- | :-- | | `authorizations` | array | | | Required. Specify an array of objects, containing object of Azure Active Directory principalId, a Azure roleDefinitionId, and an optional principalIdDisplayName. The roleDefinition specified is granted to the principalId in the provider's Active Directory and the principalIdDisplayName is visible to customers. | | `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `managedByTenantId` | string | | | Required. Specify the tenant ID of the tenant which homes the principals you are delegating permissions to. | | `name` | string | | | Required. Specify a unique name for your offer/registration. i.e ' - - ' | | `registrationDescription` | string | | | Required. Description of the offer/registration. i.e. 'Managed by ' | diff --git a/arm/Microsoft.Management/managementGroups/deploy.bicep b/arm/Microsoft.Management/managementGroups/deploy.bicep index 3780447a5d..4c7952e0ca 100644 --- a/arm/Microsoft.Management/managementGroups/deploy.bicep +++ b/arm/Microsoft.Management/managementGroups/deploy.bicep 
@@ -12,11 +12,15 @@ param parentId string = '' @description('Optional. Array of role assignment objects to define RBAC on this resource.') param roleAssignments array = [] +@description('Optional. Location for all resources.') +param location string = deployment().location + @description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Management/managementGroups/readme.md b/arm/Microsoft.Management/managementGroups/readme.md index 1546176641..78c304bce3 100644 --- a/arm/Microsoft.Management/managementGroups/readme.md +++ b/arm/Microsoft.Management/managementGroups/readme.md @@ -20,6 +20,7 @@ This module has some known **limitations**: | :-- | :-- | :-- | :-- | :-- | | `displayName` | string | | | Optional. The friendly name of the management group. If no value is passed then this field will be set to the group ID. | | `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `name` | string | | | Required. The group ID of the Management group | | `parentId` | string | | | Optional. The management group parent ID. Defaults to current scope. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects to define RBAC on this resource. | diff --git a/arm/Microsoft.Resources/resourceGroups/deploy.bicep b/arm/Microsoft.Resources/resourceGroups/deploy.bicep index f0b9ae6704..b475ba3b1c 100644 --- a/arm/Microsoft.Resources/resourceGroups/deploy.bicep +++ b/arm/Microsoft.Resources/resourceGroups/deploy.bicep 
@@ -25,6 +25,7 @@ param enableDefaultTelemetry bool = true resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Resources/tags/deploy.bicep b/arm/Microsoft.Resources/tags/deploy.bicep index 4b3d6b791a..7e17989918 100644 --- a/arm/Microsoft.Resources/tags/deploy.bicep +++ b/arm/Microsoft.Resources/tags/deploy.bicep @@ -12,11 +12,31 @@ param resourceGroupName string = '' @description('Optional. Subscription ID of the subscription to assign the tags to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription.') param subscriptionId string = subscription().id +@description('Optional. Location for all resources.') +param location string = deployment().location + +@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + module tags_sub 'subscriptions/deploy.bicep' = if (!empty(subscriptionId) && empty(resourceGroupName)) { name: '${deployment().name}-Tags-Sub' params: { onlyUpdate: onlyUpdate tags: tags + location: location } } diff --git a/arm/Microsoft.Resources/tags/readme.md b/arm/Microsoft.Resources/tags/readme.md index c93ce02f7f..60cfde19da 100644 --- a/arm/Microsoft.Resources/tags/readme.md +++ b/arm/Microsoft.Resources/tags/readme.md 
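Review bot: In the `tags/deploy.bicep` hunk, `tags_sub` receives `onlyUpdate`, `tags` and `location` but not `enableDefaultTelemetry`, so the opt-out never reaches the nested module. `tags/subscriptions/deploy.bicep` declares the parameter with a default of `true`, so a caller who sets it to `false` on this module still gets the `pid-…` deployment from the child. Add `enableDefaultTelemetry: enableDefaultTelemetry` to the `params` block. The resource-group module call lies outside this hunk and presumably needs the same line. The two `roleDefinitions/deploy.bicep` hunks add only `location: location` to `params` blocks that begin outside the hunk, so those are worth checking as well.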
@@ -12,6 +12,8 @@ This module deploys Resources Tags on a subscription or resource group scope. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `onlyUpdate` | bool | `False` | | Optional. Instead of overwriting the existing tags, combine them with the new tags | | `resourceGroupName` | string | | | Optional. Name of the Resource Group to assign the tags to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. | | `subscriptionId` | string | `[subscription().id]` | | Optional. Subscription ID of the subscription to assign the tags to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. | diff --git a/arm/Microsoft.Resources/tags/resourceGroups/deploy.bicep b/arm/Microsoft.Resources/tags/resourceGroups/deploy.bicep index 3c06c2b2a5..81993a0cde 100644 --- a/arm/Microsoft.Resources/tags/resourceGroups/deploy.bicep +++ b/arm/Microsoft.Resources/tags/resourceGroups/deploy.bicep 
@@ -7,6 +7,21 @@ param name string = 'default' @description('Optional. Instead of overwriting the existing tags, combine them with the new tags') param onlyUpdate bool = false +@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + module readTags '.bicep/readTags.bicep' = if (onlyUpdate) { name: '${deployment().name}-ReadTags' } diff --git a/arm/Microsoft.Resources/tags/resourceGroups/readme.md b/arm/Microsoft.Resources/tags/resourceGroups/readme.md index 9dc9742cee..bc8238727f 100644 --- a/arm/Microsoft.Resources/tags/resourceGroups/readme.md +++ b/arm/Microsoft.Resources/tags/resourceGroups/readme.md @@ -12,6 +12,7 @@ This module deploys Resources Tags on a resource group scope. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | | `name` | string | `default` | | Optional. The name of the tags resource. | | `onlyUpdate` | bool | `False` | | Optional. Instead of overwriting the existing tags, combine them with the new tags | | `tags` | object | `{object}` | | Optional. Tags for the resource group. If not provided, removes existing tags | diff --git a/arm/Microsoft.Resources/tags/subscriptions/deploy.bicep b/arm/Microsoft.Resources/tags/subscriptions/deploy.bicep index 37f4759a8e..7c45459dd3 100644 --- a/arm/Microsoft.Resources/tags/subscriptions/deploy.bicep +++ b/arm/Microsoft.Resources/tags/subscriptions/deploy.bicep 
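Review bot: The `enableDefaultTelemetry` description added in the `tags/resourceGroups/deploy.bicep` hunk does not say that telemetry is on by default, and nothing explains what the `defaultTelemetry` resource actually deploys. Someone auditing the template would be helped by a comment above the resource, for example `// Usage attribution: deploys an empty nested template; its name carries the fixed pid GUID plus a hash of the deployment name.` Extending the description to `'Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). Enabled by default; set to false to opt out.'` would also surface the default in the generated readme tables. The same wording is repeated in the other modules touched by this series.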
@@ -9,6 +9,25 @@ param name string = 'default' @description('Optional. Instead of overwriting the existing tags, combine them with the new tags') param onlyUpdate bool = false +@description('Optional. Location for all resources.') +param location string = deployment().location + +@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + module readTags '.bicep/readTags.bicep' = if (onlyUpdate) { name: '${deployment().name}-ReadTags' } diff --git a/arm/Microsoft.Resources/tags/subscriptions/readme.md b/arm/Microsoft.Resources/tags/subscriptions/readme.md index 596f28dece..3a2131a852 100644 --- a/arm/Microsoft.Resources/tags/subscriptions/readme.md +++ b/arm/Microsoft.Resources/tags/subscriptions/readme.md @@ -12,6 +12,8 @@ This module deploys Resources Tags on a subscription scope. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | +| `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `name` | string | `default` | | Optional. The name of the tags resource. | | `onlyUpdate` | bool | `False` | | Optional. Instead of overwriting the existing tags, combine them with the new tags | | `tags` | object | `{object}` | | Optional. Tags for the resource group. If not provided, removes existing tags | From 4eb64664a3359126685c525228afab38c63a3cc4 Mon Sep 17 00:00:00 2001 
From: MrMCake Date: Thu, 10 Mar 2022 23:03:22 +0100 Subject: [PATCH 10/10] Update to latest --- arm/Microsoft.Insights/diagnosticSettings/deploy.bicep | 4 ++++ arm/Microsoft.Insights/diagnosticSettings/readme.md | 1 + 2 files changed, 5 insertions(+) diff --git a/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep b/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep index 67b1bd705b..a04b95df8c 100644 --- a/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep +++ b/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep @@ -47,6 +47,9 @@ param logsToEnable array = [ @description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true +@description('Optional. Location for all resources.') +param location string = deployment().location + var diagnosticsLogs = [for log in logsToEnable: { category: log enabled: true @@ -58,6 +61,7 @@ var diagnosticsLogs = [for log in logsToEnable: { resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + location: location properties: { mode: 'Incremental' template: { diff --git a/arm/Microsoft.Insights/diagnosticSettings/readme.md b/arm/Microsoft.Insights/diagnosticSettings/readme.md index 0d31f3d458..f42535632b 100644 --- a/arm/Microsoft.Insights/diagnosticSettings/readme.md +++ b/arm/Microsoft.Insights/diagnosticSettings/readme.md 
@@ -18,6 +18,7 @@ This module deploys a subscription wide export of the activity log. | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | | `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `enableDefaultTelemetry` | bool | `True` | | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `logsToEnable` | array | `[Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth]` | `[Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth]` | Optional. The name of logs that will be streamed. | | `name` | string | `[format('{0}-ActivityLog', uniqueString(subscription().id))]` | | Optional. Name of the ActivityLog diagnostic settings. |