diff --git a/.github/workflows/ms.network.trafficmanagerprofiles.yml b/.github/workflows/ms.network.trafficmanagerprofiles.yml index 22ea5f84bf..b832315518 100644 --- a/.github/workflows/ms.network.trafficmanagerprofiles.yml +++ b/.github/workflows/ms.network.trafficmanagerprofiles.yml @@ -81,7 +81,7 @@ jobs: - name: "Test module" uses: ./.github/actions/templates/validateModuleDeploy with: - templateFilePath: '${{ env.modulePath }}/deploy.json' + templateFilePath: '${{ env.modulePath }}/deploy.bicep' parameterFilePath: '${{ env.modulePath }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.defaultLocation }}' resourceGroupName: '${{ env.resourceGroupName }}' @@ -116,7 +116,7 @@ jobs: uses: ./.github/actions/templates/deployModule with: moduleName: '${{ env.moduleName }}' - templateFilePath: '${{ env.modulePath }}/deploy.json' + templateFilePath: '${{ env.modulePath }}/deploy.bicep' parameterFilePath: '${{ env.modulePath }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.defaultLocation }}' resourceGroupName: '${{ env.resourceGroupName }}' @@ -146,7 +146,7 @@ jobs: - name: "Publish module" uses: ./.github/actions/templates/publishModule with: - templateFilePath: '${{ env.modulePath }}/deploy.json' + templateFilePath: '${{ env.modulePath }}/deploy.bicep' componentTemplateSpecRGName: '${{ env.componentTemplateSpecRGName }}' componentTemplateSpecRGLocation: '${{ env.componentTemplateSpecRGLocation }}' componentTemplateSpecName: '${{ env.moduleName }}' @@ -178,5 +178,5 @@ jobs: uses: ./.github/actions/templates/removeModule with: moduleName: '${{ env.moduleName }}' - templateFilePath: '${{ env.modulePath }}/deploy.json' + templateFilePath: '${{ env.modulePath }}/deploy.bicep' resourceGroupName: '${{ env.resourceGroupName }}' \ No newline at end of file diff --git a/README.md b/README.md index f95525c064..7ef98a9077 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,7 @@ This repository includes a collection of advanced and curated Modules consisting | [SQL Managed Instances](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Sql/managedInstances) | | [![Sql: Managedinstances](https://github.com/Azure/ResourceModules/actions/workflows/ms.sql.managedinstances.yml/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.sql.managedinstances.yml) | [![Deploy to Azure](/docs/media/deploytoazure.svg?sanitize=true)]() | | [StorageAccounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Storage/storageAccounts) | :heavy_check_mark: | [![Storage Account](https://github.com/Azure/ResourceModules/actions/workflows/ms.storage.storageaccounts.yml/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.storage.storageaccounts.yml) | [![Deploy to Azure](/docs/media/deploytoazure.svg?sanitize=true)]() | | [Subscription](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Subscription/aliases) | | [![Subscription: Aliases](https://github.com/Azure/ResourceModules/actions/workflows/ms.subscription.aliases.yml/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.subscription.aliases.yml) | [![Deploy to Azure](/docs/media/deploytoazure.svg?sanitize=true)]() | -| [TrafficManager](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/trafficmanagerprofiles) | | [![Network: Trafficmanagerprofiles](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.trafficmanagerprofiles.yml/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.trafficmanagerprofiles.yml) | [![Deploy to Azure](/docs/media/deploytoazure.svg?sanitize=true)]() | +| [TrafficManager](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/trafficmanagerprofiles) | :heavy_check_mark: | [![Network: Trafficmanagerprofiles](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.trafficmanagerprofiles.yml/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.trafficmanagerprofiles.yml) | [![Deploy to Azure](/docs/media/deploytoazure.svg?sanitize=true)]() | | [User Assigned Identities](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ManagedIdentity/userAssignedIdentities) | :heavy_check_mark: | [![ManagedIdentity: Userassignedidentities](https://github.com/Azure/ResourceModules/actions/workflows/ms.managedidentity.userassignedidentities.yml/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.managedidentity.userassignedidentities.yml) | [![Deploy to Azure](/docs/media/deploytoazure.svg?sanitize=true)]() | | [Virtual Machine Scale Sets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/virtualMachineScaleSets) | :heavy_check_mark: | [![Compute: Virtualmachinescalesets](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.virtualmachinescalesets.yml/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.virtualmachinescalesets.yml) | [![Deploy to Azure](/docs/media/deploytoazure.svg?sanitize=true)]() | | [Virtual Machines](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/virtualMachines) | | [![Compute: Virtualmachines](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.virtualmachines.yml/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.virtualmachines.yml) | [![Deploy to Azure](/docs/media/deploytoazure.svg?sanitize=true)]() | diff --git a/arm/.global/global.module.tests.ps1 b/arm/.global/global.module.tests.ps1 index bb2fd12057..83ae55a1e4 100644 --- a/arm/.global/global.module.tests.ps1 +++ b/arm/.global/global.module.tests.ps1 @@ -712,7 +712,7 @@ Describe "Deployment template tests" -Tag Template { $Variable = ($Template.variables | Get-Member | Where-Object { $_.MemberType -eq "NoteProperty" }).Name foreach ($Variab in $Variable) { - if ($Variab.substring(0, 1) -cnotmatch '[a-z]' -or $Variab -match '-' -or $Variab -match '_') { + if ($Variab.substring(0, 1) -cnotmatch '[a-z]' -or $Variab -match '-') { $CamelCasingFlag += $false } else { @@ -832,6 +832,9 @@ Describe "Deployment template tests" -Tag Template { elseif (($Locmand | Get-Member | Where-Object { $_.MemberType -eq "NoteProperty" }).Name -notcontains "Location") { $LocationParamFlag += $true } + elseif (($Locmand | Get-Member | Where-Object { $_.MemberType -eq "NoteProperty" }).Name -notcontains "resourceGroup") { + $LocationParamFlag += $true + } else { $LocationParamFlag += $false } diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_cuaId.bicep b/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_cuaId.bicep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_rbac.bicep new file mode 100644 index 0000000000..905c4a217b --- /dev/null +++ b/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_rbac.bicep @@ -0,0 +1,11 @@ +param roleAssignmentObj object +param builtInRoleNames object +param resourceName string + +resource roleAssigment 'Microsoft.Network/trafficmanagerprofiles/providers/roleAssignments@2020-04-01-preview' = [for principalId in roleAssignmentObj.principalIds: { + name: '${resourceName}/Microsoft.Authorization/${guid(resourceName, principalId, roleAssignmentObj.roleDefinitionIdOrName)}' + properties: { + roleDefinitionId: (contains(builtInRoleNames, roleAssignmentObj.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignmentObj.roleDefinitionIdOrName] : roleAssignmentObj.roleDefinitionIdOrName) + principalId: principalId + } +}] diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep b/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep new file mode 100644 index 0000000000..6fdc7583ae --- /dev/null +++ b/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep @@ -0,0 +1,173 @@ +@description('Required. Name of the Traffic Manager') +@minLength(1) +param trafficManagerName string + +@description('Optional. The status of the Traffic Manager profile.') +@allowed([ + 'Enabled' + 'Disabled' +]) +param profileStatus string = 'Enabled' + +@description('Optional. The traffic routing method of the Traffic Manager profile.') +@allowed([ + 'Performance' + 'Priority' + 'Weighted' + 'Geographic' + 'MultiValue' + 'Subnet' +]) +param trafficRoutingMethod string = 'Performance' + +@description('Required. The relative DNS name provided by this Traffic Manager profile. This value is combined with the DNS domain name used by Azure Traffic Manager to form the fully-qualified domain name (FQDN) of the profile.') +param relativeName string + +@description('Optional. The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile.') +param ttl int = 60 + +@description('Optional. The endpoint monitoring settings of the Traffic Manager profile.') +param monitorConfig object = { + protocol: 'http' + port: '80' + path: '/' +} + +@description('Optional. The list of endpoints in the Traffic Manager profile.') +param endpoints array = [] + +@description('Optional. Indicates whether Traffic View is \'Enabled\' or \'Disabled\' for the Traffic Manager profile. Null, indicates \'Disabled\'. Enabling this feature will increase the cost of the Traffic Manage profile.') +@allowed([ + 'Disabled' + 'Enabled' +]) +param trafficViewEnrollmentStatus string = 'Disabled' + +@description('Optional. Maximum number of endpoints to be returned for MultiValue routing type.') +param maxReturn int = 1 + +@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') +@minValue(0) +@maxValue(365) +param diagnosticLogsRetentionInDays int = 365 + +@description('Optional. Resource identifier of the Diagnostic Storage Account.') +param diagnosticStorageAccountId string = '' + +@description('Optional. Resource identifier of Log Analytics.') +param workspaceId string = '' + +@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param eventHubAuthorizationRuleId string = '' + +@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param eventHubName string = '' + +@description('Optional. Switch to lock Traffic Manager from deletion.') +param lockForDeletion bool = false + +@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'') +param roleAssignments array = [] + +@description('Optional. Resource tags.') +param tags object = {} + +@description('Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered') +param cuaId string = '' + +var diagnosticsMetrics = [ + { + category: 'AllMetrics' + timeGrain: null + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] +var diagnosticsLogs = [ + { + category: 'ProbeHealthStatusEvents' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] +var builtInRoleNames = { + 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','8e3af657-a8ff-443c-a75c-2fe8c4bcb635') + 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c') + 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','acdd72a7-3385-48ef-bd42-f606fba81ae7') + 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','4f8fab4f-1852-4a58-a46a-8eaf358af14a') + 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','92aaf0da-9dab-42b6-94a3-d43ce8d16293') + 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','73c42c96-874c-492b-b04d-ab87d138a893') + 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','641177b8-a67a-45b9-a033-47bc880bb21e') + 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','c7393b34-138c-406f-901b-d8cf2b17e6ae') + 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','b9331d33-8a36-4f8c-b097-4f54124fdb44') + 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','749f88d5-cbae-40b8-bcfc-e573ddc772fa') + 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','3913510d-42f4-4e42-8a64-420c390055eb') + 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','43d0d8ad-25c7-4714-9337-8ba259a9fe05') + 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','4d97b98b-1d4f-4787-a291-c67834d212e7') + 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','36243c78-bf99-498c-9df9-86d9f8d28608') + 'Traffic Manager Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','a4b10055-b0c7-44c2-b00f-c7b5b3550cf7') + 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions','18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') +} + +module pid_cuaId './.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { + name: 'pid-${cuaId}' + params: {} +} + +resource trafficmanagerprofile 'Microsoft.Network/trafficmanagerprofiles@2018-08-01' = { + name: trafficManagerName + tags: tags + location: 'global' + properties: { + profileStatus: profileStatus + trafficRoutingMethod: trafficRoutingMethod + dnsConfig: { + relativeName: relativeName + ttl: ttl + } + monitorConfig: monitorConfig + endpoints: endpoints + trafficViewEnrollmentStatus: trafficViewEnrollmentStatus + maxReturn: maxReturn + } +} + +resource trafficmanagerprofile_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lockForDeletion) { + name: '${trafficmanagerprofile.name}-doNotDelete' + properties: { + level: 'CanNotDelete' + } + scope: trafficmanagerprofile +} + +resource trafficmanagerprofile_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { + name: '${trafficmanagerprofile.name}-diagnosticSettings' + properties: { + storageAccountId: (empty(diagnosticStorageAccountId) ? json('null') : diagnosticStorageAccountId) + workspaceId: (empty(workspaceId) ? json('null') : workspaceId) + eventHubAuthorizationRuleId: (empty(eventHubAuthorizationRuleId) ? json('null') : eventHubAuthorizationRuleId) + eventHubName: (empty(eventHubName) ? json('null') : eventHubName) + metrics: ((empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? json('null') : diagnosticsMetrics) + logs: ((empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? json('null') : diagnosticsLogs) + } + scope: trafficmanagerprofile +} + +module trafficmanagerprofile_rbac './.bicep/nested_rbac.bicep' = [for (roleAssignment, index) in roleAssignments: { + name: 'rbac-${deployment().name}${index}' + params: { + roleAssignmentObj: roleAssignment + builtInRoleNames: builtInRoleNames + resourceName: trafficmanagerprofile.name + } +}] + +output trafficManagerResourceId string = trafficmanagerprofile.id +output trafficManagerResourceGroup string = resourceGroup().name +output trafficManagerName string = trafficmanagerprofile.name diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/deploy.json b/arm/Microsoft.Network/trafficmanagerprofiles/deploy.json deleted file mode 100644 index 13698a39da..0000000000 --- a/arm/Microsoft.Network/trafficmanagerprofiles/deploy.json +++ /dev/null @@ -1,503 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "trafficManagerName": { - "type": "string", - "minLength": 1, - "metadata": { - "description": "Required. Name of the Traffic Manager" - } - }, - "diagnosticsLocation": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for diagnostics settings only. Traffic manager will always be deployed globally." - } - }, - "profileStatus": { - "type": "string", - "defaultValue": "Enabled", - "allowedValues": [ "Enabled", "Disabled" ], - "metadata": { - "description": "Optional. The status of the Traffic Manager profile." - } - }, - "trafficRoutingMethod": { - "type": "string", - "defaultValue": "Performance", - "allowedValues": [ "Performance", "Priority", "Weighted", "Geographic", "MultiValue", "Subnet" ], - "metadata": { - "description": "Optional. The traffic routing method of the Traffic Manager profile." - } - }, - "relativeName": { - "type": "string", - "metadata": { - "description": "Required. The relative DNS name provided by this Traffic Manager profile. This value is combined with the DNS domain name used by Azure Traffic Manager to form the fully-qualified domain name (FQDN) of the profile." - } - }, - "ttl": { - "type": "int", - "defaultValue": 60, - "metadata": { - "description": "Optional. The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile." - } - }, - "monitorConfig": { - "type": "object", - "defaultValue": { - "protocol": "http", - "port": "80", - "path": "/" - }, - "metadata": { - "description": "Optional. The endpoint monitoring settings of the Traffic Manager profile." - } - }, - "endpoints": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. The list of endpoints in the Traffic Manager profile." - } - }, - "trafficViewEnrollmentStatus": { - "type": "string", - "allowedValues": [ "Disabled", "Enabled" ], - "defaultValue": "Disabled", - "metadata": { - "description": "Optional. Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile." - } - }, - "maxReturn": { - "type": "int", - "defaultValue": 1, - "metadata": { - "description": "Optional. Maximum number of endpoints to be returned for MultiValue routing type." - } - }, - "diagnosticLogsRetentionInDays": { - "type": "int", - "defaultValue": 365, - "minValue": 0, - "maxValue": 365, - "metadata": { - "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." - } - }, - "diagnosticStorageAccountId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource identifier of the Diagnostic Storage Account." - } - }, - "workspaceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource identifier of Log Analytics." - } - }, - "eventHubAuthorizationRuleId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." - } - }, - "eventHubName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category." - } - }, - "lockForDeletion": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Switch to lock Traffic Manager from deletion." - } - }, - "roleAssignments": { - "defaultValue": [ - ], - "type": "array", - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'" - } - }, - "tags": { - "type": "object", - "defaultValue": { - }, - "metadata": { - "description": "Optional. Resource tags." - } - }, - "cuaId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Customer Usage Attribution id (GUID). This GUID must be previously registered" - } - } - }, - "variables": { - "diagnosticsMetrics": [ - { - "category": "AllMetrics", - "timeGrain": null, - "enabled": true, - "retentionPolicy": { - "enabled": true, - "days": "[parameters('diagnosticLogsRetentionInDays')]" - } - } - ], - "diagnosticsLogs": [ - { - "category": "ProbeHealthStatusEvents", - "enabled": true, - "retentionPolicy": { - "enabled": true, - "days": "[parameters('diagnosticLogsRetentionInDays')]" - } - } - ], - "builtInRoleNames": { - "AcrDelete": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'c2f4ef07-c644-48eb-af81-4b1b4947fb11')]", - "AcrImageSigner": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '6cef56e8-d556-48e5-a04f-b8e64114680f')]", - "AcrPull": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '7f951dda-4ed3-4680-a7ca-43fe172d538d')]", - "AcrPush": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8311e382-0749-4cb8-b61a-304f252e45ec')]", - "AcrQuarantineReader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'cdda3590-29a3-44f6-95f2-9f980659eb04')]", - "AcrQuarantineWriter": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'c8d4ff99-41c3-41a8-9f60-21dfdad59608')]", - "API Management Service Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '312a565d-c81f-4fd8-895a-4e21e48d571c')]", - "API Management Service Operator Role": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'e022efe7-f5ba-4159-bbe4-b44f577e9b61')]", - "API Management Service Reader Role": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '71522526-b88f-4d52-b57f-d31fc3546d0d')]", - "App Configuration Data Owner": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b')]", - "App Configuration Data Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '516239f1-63e1-4d78-a4de-a74fb236a071')]", - "Application Insights Component Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ae349356-3a1b-4a5e-921d-050484c6347e')]", - "Application Insights Snapshot Debugger": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '08954f03-6346-4c2e-81c0-ec3a5cfae23b')]", - "Attestation Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'bbf86eb8-f7b4-4cce-96e4-18cddf81d86e')]", - "Attestation Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'fd1bd22b-8476-40bc-a0bc-69b95687b9f3')]", - "Automation Job Operator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4fe576fe-1146-4730-92eb-48519fa6bf9f')]", - "Automation Operator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'd3881f73-407a-4167-8283-e981cbba0404')]", - "Automation Runbook Operator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '5fb5aef8-1081-4b8e-bb16-9d5d0385bab5')]", - "Avere Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", - "Avere Operator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", - "Azure Connected Machine Onboarding": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b64e21ea-ac4e-4cdf-9dc9-5b892992bee7')]", - "Azure Connected Machine Resource Administrator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'cd570a14-e51a-42ad-bac8-bafd67325302')]", - "Azure Digital Twins Owner (Preview)": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'bcd981a7-7f74-457b-83e1-cceb9e632ffe')]", - "Azure Digital Twins Reader (Preview)": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'd57506d4-4c8d-48b1-8587-93c323f6a5a3')]", - "Azure Event Hubs Data Owner": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'f526a384-b230-433a-b45c-95f59c4a2dec')]", - "Azure Event Hubs Data Receiver": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'a638d3c7-ab3a-418d-83e6-5f17a39d4fde')]", - "Azure Event Hubs Data Sender": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '2b629674-e913-4c01-ae53-ef4638d8f975')]", - "Azure Kubernetes Service Cluster Admin Role": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8')]", - "Azure Kubernetes Service Cluster User Role": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4abbcc35-e782-43d8-92c5-2d3f1bd2253f')]", - "Azure Kubernetes Service Contributor Role": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8')]", - "Azure Maps Data Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204')]", - "Azure Maps Data Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '423170ca-a8f6-4b0f-8487-9e4eb8f49bfa')]", - "Azure Sentinel Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ab8e14d6-4a74-4a29-9ba8-549422addade')]", - "Azure Sentinel Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8d289c81-5878-46d4-8554-54e1e3d8b5cb')]", - "Azure Sentinel Responder": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '3e150937-b8fe-4cfb-8069-0eaf05ecd056')]", - "Azure Service Bus Data Owner": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '090c5cfd-751d-490a-894a-3ce6f1109419')]", - "Azure Service Bus Data Receiver": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0')]", - "Azure Service Bus Data Sender": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '69a216fc-b8fb-44d8-bc22-1f3c2cd27a39')]", - "Azure Stack Registration Owner": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '6f12a6df-dd06-4f3e-bcb1-ce8be600526a')]", - "Backup Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", - "Backup Operator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '00c29273-979b-4161-815c-10b084fb9324')]", - "Backup Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'a795c7a0-d4a2-40c1-ae25-d81f01202912')]", - "Billing Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64')]", - "BizTalk Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '5e3c6656-6cfa-4708-81fe-0de47ac73342')]", - "Blockchain Member Node Access (Preview)": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '31a002a1-acaf-453e-8a5b-297c9ca1ea24')]", - "Blueprint Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '41077137-e803-4205-871c-5a86e6a753b4')]", - "Blueprint Operator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '437d2ced-4a38-4302-8479-ed2bcb43d090')]", - "CDN Endpoint Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '426e0c7f-0c7e-4658-b36f-ff54d6c29b45')]", - "CDN Endpoint Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '871e35f6-b5c1-49cc-a043-bde969a0f2cd')]", - "CDN Profile Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ec156ff8-a8d1-4d15-830c-5b80698ca432')]", - "CDN Profile Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8f96442b-4075-438f-813d-ad51ab4019af')]", - "Classic Network Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b34d265f-36f7-4a0d-a4d4-e158ca92e90f')]", - "Classic Storage Account Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '86e8f5dc-a6e9-4c67-9d15-de283e8eac25')]", - "Classic Storage Account Key Operator Service Role": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '985d6b00-f706-48f5-a6fe-d0ca12fb668d')]", - "Classic Virtual Machine Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'd73bb868-a0df-4d4d-bd69-98a00b01fccb')]", - "ClearDB MySQL DB Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '9106cda0-8a86-4e81-b686-29a22c54effe')]", - "Cognitive Services Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68')]", - "Cognitive Services Custom Vision Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'c1ff6cc2-c111-46fe-8896-e0ef812ad9f3')]", - "Cognitive Services Custom Vision Deployment": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '5c4089e1-6d96-4d2f-b296-c1bc7137275f')]", - "Cognitive Services Custom Vision Labeler": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '88424f51-ebe7-446f-bc41-7fa16989e96c')]", - "Cognitive Services Custom Vision Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '93586559-c37d-4a6b-ba08-b9f0940c2d73')]", - "Cognitive Services Custom Vision Trainer": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '0a5ae4ab-0d65-4eeb-be61-29fc9b54394b')]", - "Cognitive Services Data Reader (Preview)": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b59867f0-fa02-499b-be73-45a86b5b3e1c')]", - "Cognitive Services QnA Maker Editor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'f4cc2bf9-21be-47a1-bdf1-5c5804381025')]", - "Cognitive Services QnA Maker Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '466ccd10-b268-4a11-b098-b4849f024126')]", - "Cognitive Services User": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'a97b65f3-24c7-4388-baec-2e87135dc908')]", - "Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "Cosmos DB Account Reader Role": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'fbdf93bf-df7d-467e-a4d2-9458aa1360c8')]", - "Cosmos DB Operator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '230815da-be43-4aae-9cb4-875f7bd000aa')]", - "CosmosBackupOperator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'db7b14f2-5adf-42da-9f96-f2ee17bab5cb')]", - "Cost Management Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '434105ed-43f6-45c7-a02f-909b2ba83430')]", - "Cost Management Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '72fafb9e-0641-4937-9268-a91bfd8191a3')]", - "Data Box Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'add466c9-e687-43fc-8d98-dfcf8d720be5')]", - "Data Box Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027')]", - "Data Factory Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '673868aa-7521-48a0-acc6-0f60742d39f5')]", - "Data Lake Analytics Developer": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '47b7735b-770e-4598-a7da-8b91488b4c88')]", - "Data Purger": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '150f5e0c-0603-4f03-8c7f-cf70034c4e90')]", - "Desktop Virtualization User": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63')]", - "DevTest Labs User": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", - "DNS Zone Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'befefa01-2a29-4197-83a8-272ff33ce314')]", - "DocumentDB Account Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '5bd9cd88-fe45-4216-938b-f97437e15450')]", - "EventGrid EventSubscription Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '428e0ff0-5e57-4d9c-a221-2c70d0e0a443')]", - "EventGrid EventSubscription Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '2414bbcf-6497-4faf-8c65-045460748405')]", - "Experimentation Administrator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '7f646f1b-fa08-80eb-a33b-edd6ce5c915c')]", - "Experimentation Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '7f646f1b-fa08-80eb-a22b-edd6ce5c915c')]", - "Experimentation Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '49632ef5-d9ac-41f4-b8e7-bbe587fa74a1')]", - "FHIR Data Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '5a1fc7df-4bf1-4951-a576-89034ee01acd')]", - "FHIR Data Exporter": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '3db33094-8700-4567-8da5-1501d4e7e843')]", - "FHIR Data Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4c8d0bbc-75d3-4935-991f-5f3c56d81508')]", - "FHIR Data Writer": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '3f88fce4-5892-4214-ae73-ba5294559913')]", - "Graph Owner": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b60367af-1334-4454-b71e-769d9a4f83d9')]", - "HDInsight Cluster Operator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '61ed4efc-fab3-44fd-b111-e24485cc132a')]", - "HDInsight Domain Services Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8d8d5a11-05d3-4bda-a417-a08778121c7c')]", - "Hierarchy Settings Administrator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '350f8d15-c687-4448-8ae1-157740a3936d')]", - "Hybrid Server Onboarding": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb')]", - "Hybrid Server Resource Administrator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '48b40c6e-82e0-4eb3-90d5-19e40f49b624')]", - "Integration Service Environment Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'a41e2c5b-bd99-4a07-88f4-9bf657a760b8')]", - "Integration Service Environment Developer": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'c7aa55d3-1abb-444a-a5ca-5e51e485d6ec')]", - "Intelligent Systems Account Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '03a6d094-3444-4b3d-88af-7477090a9e5e')]", - "Key Vault Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'f25e0fa2-a7c8-4377-a976-54943a77a395')]", - "Knowledge Consumer": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ee361c5d-f7b5-4119-b4b6-892157c8f64c')]", - "Kubernetes Cluster - Azure Arc Onboarding": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '34e09817-6cbe-4d01-b1a2-e0eac5743d41')]", - "Lab Creator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b97fb8bc-a8b2-4522-a38b-dd33c7e65ead')]", - "Log Analytics Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", - "Log Analytics Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '73c42c96-874c-492b-b04d-ab87d138a893')]", - "Logic App Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '87a39d53-fc1b-424a-814c-f7e04687dc9e')]", - "Logic App Operator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '515c2055-d9d4-4321-b1b9-bd0c9a0f79fe')]", - "Managed Application Contributor Role": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '641177b8-a67a-45b9-a033-47bc880bb21e')]", - "Managed Application Operator Role": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", - "Managed Applications Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", - "Managed Identity Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'e40ec5ca-96e0-45a2-b4ff-59039f2c2b59')]", - "Managed Identity Operator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'f1a07417-d97a-45cb-824c-7a7467783830')]", - "Managed Services Registration assignment Delete ": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '91c1777a-f3dc-4fae-b103-61d183457e46')]", - "Management Group Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c')]", - "Management Group Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ac63b705-f282-497d-ac71-919bf39d939d')]", - "Marketplace Admin": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'dd920d6d-f481-47f1-b461-f338c46b2d9f')]", - "Monitoring Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", - "Monitoring Metrics Publisher": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '3913510d-42f4-4e42-8a64-420c390055eb')]", - "Monitoring Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", - "Network Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", - "New Relic APM Account Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '5d28c62d-5b37-4476-8438-e587778df237')]", - "Object Understanding Account Owner": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4dd61c23-6743-42fe-a388-d8bdd41cb745')]", - "Owner": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Policy Insights Data Writer (Preview)": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '66bb4e9e-b016-4a94-8249-4c0511c2be84')]", - "Private DNS Zone Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", - "Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Reader and Data Access": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'c12c1c16-33a1-487b-954d-41c89c60f349')]", - "Redis Cache Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'e0f68234-74aa-48ed-b826-c38b57376e17')]", - "Remote Rendering Administrator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '3df8b902-2a6f-47c7-8cc5-360e9b272a7e')]", - "Remote Rendering Client": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'd39065c4-c120-43c9-ab0a-63eed9795f0a')]", - "Resource Policy Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '36243c78-bf99-498c-9df9-86d9f8d28608')]", - "Scheduler Job Collections Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '188a0f2f-5c9e-469b-ae67-2aa5ce574b94')]", - "Search Service Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '7ca78c08-252a-4471-8644-bb5ff32d4ba0')]", - "Security Admin": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'fb1c8493-542b-48eb-b624-b4c8fea62acd')]", - "Security Assessment Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '612c2aa1-cb24-443b-ac28-3ab7272de6f5')]", - "Security Manager (Legacy)": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'e3d13bf0-dd5a-482e-ba6b-9b8433878d10')]", - "Security Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '39bc4728-0917-49c7-9d2c-d95423bc2eb4')]", - "SignalR AccessKey Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '04165923-9d83-45d5-8227-78b77b0a687e')]", - "SignalR Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761')]", - "Site Recovery Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", - "Site Recovery Operator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '494ae006-db33-4328-bf46-533a6560a3ca')]", - "Site Recovery Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'dbaa88c4-0c30-4179-9fb3-46319faa6149')]", - "Spatial Anchors Account Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827')]", - "Spatial Anchors Account Owner": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '70bbe301-9835-447d-afdd-19eb3167307c')]", - "Spatial Anchors Account Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '5d51204f-eb77-4b1c-b86a-2ec626c49413')]", - "SQL DB Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '9b7fa17d-e63e-47b0-bb0a-15c516ac86ec')]", - "SQL Managed Instance Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", - "SQL Security Manager": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", - "SQL Server Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437')]", - "Storage Account Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", - "Storage Account Key Operator Service Role": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '81a9662b-bebf-436f-a333-f67b29880f12')]", - "Storage Blob Data Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]", - "Storage Blob Data Owner": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b')]", - "Storage Blob Data Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1')]", - "Storage Blob Delegator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'db58b8e5-c6ad-4a2a-8342-4190687cbf4a')]", - "Storage File Data SMB Share Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb')]", - "Storage File Data SMB Share Elevated Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'a7264617-510b-434b-a828-9731dc254ea7')]", - "Storage File Data SMB Share Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'aba4ae5f-2193-4029-9191-0cb91df5e314')]", - "Storage Queue Data Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '974c5e8b-45b9-4653-ba55-5f855dd0fb88')]", - "Storage Queue Data Message Processor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8a0f0c08-91a1-4084-bc3d-661d67233fed')]", - "Storage Queue Data Message Sender": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'c6a89b2d-59bc-44d0-9896-0f6e12d7b80a')]", - "Storage Queue Data Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '19e7f393-937e-4f77-808e-94535e297925')]", - "Support Request Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e')]", - "Tag Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4a9ae827-6dc8-4573-8ac7-8239d42aa03f')]", - "Traffic Manager Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", - "User Access Administrator": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", - "Virtual Machine Administrator Login": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", - "Virtual Machine Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", - "Virtual Machine User Login": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", - "Web Plan Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')]", - "Website Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'de139f84-1756-47ae-9be6-808fbbe84772')]", - "Workbook Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'e8ddcd69-c73f-4f9f-9844-4100522f16ad')]", - "Workbook Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b279062a-9be3-42a0-92ae-8b3cf002ec4d')]" - } - }, - "resources": [ - { - "condition": "[not(empty(parameters('cuaId')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[concat('pid-', parameters('cuaId'))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [ - ] - } - } - }, - { - "name": "[parameters('trafficManagerName')]", - "type": "Microsoft.Network/trafficmanagerprofiles", - "apiVersion": "2018-08-01", - "tags": "[parameters('tags')]", - "location": "global", - "properties": { - "profileStatus": "[parameters('profileStatus')]", - "trafficRoutingMethod": "[parameters('trafficRoutingMethod')]", - "dnsConfig": { - "relativeName": "[parameters('relativeName')]", - "ttl": "[parameters('ttl')]" - }, - "monitorConfig": "[parameters('monitorConfig')]", - "endpoints": "[parameters('endpoints')]", - "trafficViewEnrollmentStatus": "[parameters('trafficViewEnrollmentStatus')]", - "maxReturn": "[parameters('maxReturn')]" - }, - "resources": [ - { - "type": "providers/locks", - "apiVersion": "2016-09-01", - "condition": "[parameters('lockForDeletion')]", - "name": "Microsoft.Authorization/trafficManagerDoNotDelete", - "dependsOn": [ - "[concat('Microsoft.Network/trafficmanagerprofiles/', parameters('trafficManagerName'))]" - ], - "comments": "Resource lock on Traffic Manager", - "properties": { - "level": "CannotDelete" - } - }, - { - "type": "Microsoft.Network/trafficmanagerprofiles/providers/diagnosticsettings", - "apiVersion": "2017-05-01-preview", - "name": "[concat(parameters('trafficManagerName'), '/Microsoft.Insights/service')]", - "location": "[parameters('diagnosticsLocation')]", - "condition": "[or(not(empty(parameters('diagnosticStorageAccountId'))),not(empty(parameters('workspaceId'))),not(empty(parameters('eventHubAuthorizationRuleId'))),not(empty(parameters('eventHubName'))))]", - "dependsOn": [ - "[concat('Microsoft.Network/trafficmanagerprofiles/', parameters('trafficManagerName'))]" - ], - "properties": { - "storageAccountId": "[if(empty(parameters('diagnosticStorageAccountId')), json('null'), parameters('diagnosticStorageAccountId'))]", - "workspaceId": "[if(empty(parameters('workspaceId')), json('null'), parameters('workspaceId'))]", - "eventHubAuthorizationRuleId": "[if(empty(parameters('eventHubAuthorizationRuleId')), json('null'), parameters('eventHubAuthorizationRuleId'))]", - "eventHubName": "[if(empty(parameters('eventHubName')), json('null'), parameters('eventHubName'))]", - "metrics": "[if(and(empty(parameters('diagnosticStorageAccountId')), empty(parameters('workspaceId')), empty(parameters('eventHubAuthorizationRuleId')), empty(parameters('eventHubName'))), json('null'), variables('diagnosticsMetrics'))]", - "logs": "[if(and(empty(parameters('diagnosticStorageAccountId')), empty(parameters('workspaceId')), empty(parameters('eventHubAuthorizationRuleId')), empty(parameters('eventHubName'))), json('null'), variables('diagnosticsLogs'))]" - } - } - ] - }, - { - "name": "[concat('rbac-',deployment().name, copyIndex())]", - "apiVersion": "2021-04-01", - "type": "Microsoft.Resources/deployments", - "condition": "[not(empty(parameters('roleAssignments')))]", - "dependsOn": [ - "[parameters('trafficManagerName')]" - ], - "copy": { - "name": "rbacDeplCopy", - "count": "[length(parameters('roleAssignments'))]" - }, - "properties": { - "mode": "Incremental", - "expressionEvaluationOptions": { - "scope": "inner" - }, - "parameters": { - "roleAssignment": { - "value": "[parameters('roleAssignments')[copyIndex()]]" - }, - "builtInRoleNames": { - "value": "[variables('builtInRoleNames')]" - }, - "trafficManagerName": { - "value": "[parameters('trafficManagerName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "roleAssignment": { - "type": "object" - }, - "builtInRoleNames": { - "type": "object" - }, - "trafficManagerName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/trafficmanagerprofiles/providers/roleAssignments", - "apiVersion": "2018-09-01-preview", - "name": "[concat(parameters('trafficManagerName'), '/Microsoft.Authorization/', guid(uniqueString(concat(parameters('trafficManagerName'), array(parameters('roleAssignment').principalIds)[copyIndex('innerRbacCopy')], parameters('roleAssignment').roleDefinitionIdOrName ) )))]", - "dependsOn": [ - ], - "copy": { - "name": "innerRbacCopy", - "count": "[length(parameters('roleAssignment').principalIds)]" - }, - "properties": { - "roleDefinitionId": "[if(contains(parameters('builtInRoleNames'), parameters('roleAssignment').roleDefinitionIdOrName ), parameters('builtInRoleNames')[parameters('roleAssignment').roleDefinitionIdOrName] , parameters('roleAssignment').roleDefinitionIdOrName )]", - "principalId": "[array(parameters('roleAssignment').principalIds)[copyIndex()]]" - } - } - ] - } - } - } - ], - "functions": [ - ], - "outputs": { - "trafficManagerResourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/trafficmanagerprofiles', parameters('trafficManagerName'))]", - "metadata": { - "description": "The Resource Id of the Traffic Manager." - } - }, - "trafficManagerResourceGroup": { - "type": "string", - "value": "[resourceGroup().name]", - "metadata": { - "description": "The name of the Resource Group the Traffic Manager was created in." - } - }, - "trafficManagerName": { - "type": "string", - "value": "[parameters('trafficManagerName')]", - "metadata": { - "description": "The Name of the Traffic Manager." - } - } - } -} \ No newline at end of file diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/readme.md b/arm/Microsoft.Network/trafficmanagerprofiles/readme.md index 0cd6cb14f7..a2ececf25f 100644 --- a/arm/Microsoft.Network/trafficmanagerprofiles/readme.md +++ b/arm/Microsoft.Network/trafficmanagerprofiles/readme.md @@ -8,9 +8,9 @@ This module deploys Traffic Manager, with resource lock. | :-- | :-- | | `Microsoft.Resources/deployments` | 2021-04-01 | | `Microsoft.Network/trafficmanagerprofiles` | 2018-08-01 | -| `Microsoft.Network/trafficmanagerprofiles/providers/diagnosticsettings` | 2017-05-01-preview | | `Microsoft.Network/trafficmanagerprofiles/providers/roleAssignments` | 2018-09-01-preview | -| `providers/locks` | +| `Microsoft.Authorization/locks` | 2016-09-01 | +| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | ## Parameters @@ -22,7 +22,6 @@ This module deploys Traffic Manager, with resource lock. | `endpoints` | array | Optional. The list of endpoints in the Traffic Manager profile. | System.Object[] | | | `eventHubAuthorizationRuleId` | string | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | | | `eventHubName` | string | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | | -| `diagnosticsLocation` | string | Optional. Location for diagnostics settings only. Traffic manager will always be deployed globally. | `resourceGroup().location` | | | `lockForDeletion` | bool | Optional. Switch to lock Traffic Manager from deletion. | False | | | `maxReturn` | int | Optional. Maximum number of endpoints to be returned for MultiValue routing type. | 1 | | | `monitorConfig` | object | Optional. The endpoint monitoring settings of the Traffic Manager profile. | protocol=http; port=80; path=/ | | diff --git a/arm/README.md b/arm/README.md index 844f45b78c..56261a1977 100644 --- a/arm/README.md +++ b/arm/README.md @@ -76,7 +76,7 @@ The following table provides you with an outline of all Modules that are current | [Public IP Addresses](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/publicIPAddresses) | | [publicIPAddresses](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/publicIPAddresses) | | | [Public IP Prefixes](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/publicIPPrefixes) | | [publicIPPrefixes](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/publicIPPrefixes) | | | [RouteTables](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/routeTables) | | [routeTables](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/routeTables) | | -| [TrafficManager](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/trafficmanagerprofiles) | | [trafficmanagerprofiles](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/trafficmanagerprofiles) | | +| [TrafficManager](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/trafficmanagerprofiles) | | [trafficmanagerprofiles](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/trafficmanagerprofiles) | :heavy_check_mark: | | [VirtualNetworkGateway](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworkGateways) | | [virtualNetworkGateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworkGateways) | :heavy_check_mark: | | [Virtual Network](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworks) | | [virtualNetworks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworks) | :heavy_check_mark: | | [VirtualNetworkPeering](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings) | | [virtualNetworks/virtualNetworkPeerings](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworksResources/virtualNetworkPeerings) | :heavy_check_mark: |