From ae667a66cdeae6f73b607b97574020e68b4f31a3 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 15 May 2022 22:57:32 +0200 Subject: [PATCH 01/20] Created first version of NIC module --- .../ms.network.networkInterfaces.yml | 54 +++++++ .../ms.network.networkInterfaces.yml | 142 ++++++++++++++++++ .../.bicep/nested_rbac.bicep | 63 ++++++++ .../.parameters/parameters.json | 19 +++ .../networkInterfaces/deploy.bicep | 120 +++++++++++++++ .../networkInterfaces/readme.md | 85 +++++++++++ .../networkInterfaces/version.json | 4 + 7 files changed, 487 insertions(+) create mode 100644 .azuredevops/modulePipelines/ms.network.networkInterfaces.yml create mode 100644 .github/workflows/ms.network.networkInterfaces.yml create mode 100644 arm/Microsoft.Network/networkInterfaces/.bicep/nested_rbac.bicep create mode 100644 arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json create mode 100644 arm/Microsoft.Network/networkInterfaces/deploy.bicep create mode 100644 arm/Microsoft.Network/networkInterfaces/readme.md create mode 100644 arm/Microsoft.Network/networkInterfaces/version.json diff --git a/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml b/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml new file mode 100644 index 0000000000..286930f5b9 --- /dev/null +++ b/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml @@ -0,0 +1,54 @@ +name: 'Network - NetworkInterfaces' + +parameters: + - name: removeDeployment + displayName: Remove deployed module + type: boolean + default: true + - name: prerelease + displayName: Publish prerelease module + type: boolean + default: false + +pr: none + +trigger: + batch: true + branches: + include: + - main + paths: + include: + - '/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml' + - '/.azuredevops/pipelineTemplates/module.*.yml' + - '/arm/Microsoft.Network/networkInterfaces/*' + - '/arm/.global/global.module.tests.ps1' + exclude: + - '/**/*.md' + +variables: + - template: '../../global.variables.yml' + - group: 'PLATFORM_VARIABLES' + - name: modulePath + value: '/arm/Microsoft.Network/networkInterfaces' + +stages: + - stage: Validation + displayName: Static validation + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModulePester.yml + + - stage: Deployment + displayName: Deployment validation + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + removeDeployment: '${{ parameters.removeDeployment }}' + deploymentBlocks: + - path: $(modulePath)/.parameters/parameters.json + + - stage: Publishing + displayName: Publishing + condition: and(succeeded(), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq('${{ parameters.prerelease }}', 'true'))) + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.publishModule.yml diff --git a/.github/workflows/ms.network.networkInterfaces.yml b/.github/workflows/ms.network.networkInterfaces.yml new file mode 100644 index 0000000000..5b1dd6c228 --- /dev/null +++ b/.github/workflows/ms.network.networkInterfaces.yml @@ -0,0 +1,142 @@ +name: 'Network: NetworkInterfaces' + +on: + workflow_dispatch: + inputs: + removeDeployment: + type: boolean + description: 'Remove deployed module' + required: false + default: true + prerelease: + type: boolean + description: 'Publish prerelease module' + required: false + default: false + push: + branches: + - main + paths: + - '.github/actions/templates/**' + - '.github/workflows/ms.network.networkInterfaces.yml' + - 'arm/Microsoft.Network/networkInterfaces/**' + - 'arm/.global/global.module.tests.ps1' + - '!*/**/readme.md' + - 'utilities/pipelines/**' + - '!utilities/pipelines/dependencies/**' + +env: + variablesPath: 'global.variables.yml' + modulePath: 'arm/Microsoft.Network/networkInterfaces' + workflowPath: '.github/workflows/ms.network.networkInterfaces.yml' + AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} + ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}' + ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}' + DEPLOYMENT_SP_ID: '${{ secrets.DEPLOYMENT_SP_ID }}' + +jobs: + ########################### + # Initialize pipeline # + ########################### + job_initialize_pipeline: + runs-on: ubuntu-20.04 + name: 'Initialize pipeline' + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Set input parameters to output variables' + id: get-workflow-param + uses: ./.github/actions/templates/getWorkflowInput + with: + workflowPath: '${{ env.workflowPath}}' + - name: 'Get parameter file paths' + id: get-parameter-file-paths + uses: ./.github/actions/templates/getParameterFiles + with: + modulePath: '${{ env.modulePath }}' + outputs: + removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }} + parameterFilePaths: ${{ steps.get-parameter-file-paths.outputs.parameterFilePaths }} + + ######################### + # Static validation # + ######################### + job_module_pester_validation: + runs-on: ubuntu-20.04 + name: 'Static validation' + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' + + ############################# + # Deployment validation # + ############################# + job_module_deploy_validation: + runs-on: ubuntu-20.04 + name: 'Deployment validation' + needs: + - job_initialize_pipeline + - job_module_pester_validation + strategy: + fail-fast: false + matrix: + parameterFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.parameterFilePaths) }} + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Using parameter file [${{ matrix.parameterFilePaths }}]' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + parameterFilePath: '${{ env.modulePath }}/${{ matrix.parameterFilePaths }}' + location: '${{ env.location }}' + resourceGroupName: '${{ env.resourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + ################## + # Publishing # + ################## + job_publish_module: + name: 'Publishing' + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + runs-on: ubuntu-20.04 + needs: + - job_module_deploy_validation + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Publishing' + uses: ./.github/actions/templates/publishModule + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' diff --git a/arm/Microsoft.Network/networkInterfaces/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/networkInterfaces/.bicep/nested_rbac.bicep new file mode 100644 index 0000000000..e66a728227 --- /dev/null +++ b/arm/Microsoft.Network/networkInterfaces/.bicep/nested_rbac.bicep @@ -0,0 +1,63 @@ +@sys.description('Required. The IDs of the principals to assign the role to.') +param principalIds array + +@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') +param roleDefinitionIdOrName string + +@sys.description('Required. The resource ID of the resource to apply the role assignment to.') +param resourceId string + +@sys.description('Optional. The principal type of the assigned principal ID.') +@allowed([ + 'ServicePrincipal' + 'Group' + 'User' + 'ForeignGroup' + 'Device' + '' +]) +param principalType string = '' + +@sys.description('Optional. The description of the role assignment.') +param description string = '' + +var builtInRoleNames = { + 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') + 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') + 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') + 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') + 'Avere Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9') + 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64') + 'Domain Services Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2') + 'Domain Services Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb') + 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') + 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') + 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') + 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') + 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') + 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') + 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') + 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') + 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') + 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') + 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') + 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4') + 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') + 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52') + 'Windows Admin Center Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f') +} + +resource networkInterface 'Microsoft.Network/networkInterfaces@2021-08-01' existing = { + name: last(split(resourceId, '/')) +} + +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { + name: guid(networkInterface.id, principalId, roleDefinitionIdOrName) + properties: { + description: description + roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName + principalId: principalId + principalType: any(!empty(principalType) ? principalType : null) + } + scope: networkInterface +}] diff --git a/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json b/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json new file mode 100644 index 0000000000..a53b5cd7d2 --- /dev/null +++ b/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json @@ -0,0 +1,19 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-nic-x-001" + }, + "roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "principalIds": [ + "<>" + ] + } + ] + } + } +} diff --git a/arm/Microsoft.Network/networkInterfaces/deploy.bicep b/arm/Microsoft.Network/networkInterfaces/deploy.bicep new file mode 100644 index 0000000000..eec4d0b057 --- /dev/null +++ b/arm/Microsoft.Network/networkInterfaces/deploy.bicep @@ -0,0 +1,120 @@ +@description('Required. The name of the network interface.') +param name string + +param virtualMachineName string + +@description('Optional. Location for all resources.') +param location string = resourceGroup().location + +@description('Optional. Tags of the resource.') +param tags object = {} + +@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +@description('Optional. Indicates whether IP forwarding is enabled on this network interface.') +param enableIPForwarding bool = false + +@description('Optional. If the network interface is accelerated networking enabled.') +param enableAcceleratedNetworking bool = false + +@description('Optional. List of DNS servers IP addresses. Use \'AzureProvidedDNS\' to switch to azure provided DNS resolution. \'AzureProvidedDNS\' value cannot be combined with other IPs, it must be the only value in dnsServers collection.') +param dnsServers array = [] + +@description('Optional. The network security group (NSG) to attach to the network interface.') +param networkSecurityGroupResourceId string = '' + +@description('Optional. A list of IPConfigurations of the network interface.') +param ipConfigurations array = [] + +@allowed([ + 'CanNotDelete' + 'NotSpecified' + 'ReadOnly' +]) +@description('Optional. Specify the type of lock.') +param lock string = 'NotSpecified' + +@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') +param roleAssignments array = [] + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + +resource networkInterface 'Microsoft.Network/networkInterfaces@2021-05-01' = { + name: name + location: location + tags: tags + properties: { + enableIPForwarding: enableIPForwarding + enableAcceleratedNetworking: enableAcceleratedNetworking + dnsSettings: !empty(dnsServers) ? { + dnsServers: dnsServers + } : null + networkSecurityGroup: !empty(networkSecurityGroupResourceId) ? { + id: networkSecurityGroupResourceId + } : null + ipConfigurations: [for (ipConfiguration, index) in ipConfigurations: { + name: !empty(ipConfiguration.name) ? ipConfiguration.name : null + properties: { + primary: index == 0 ? true : false + privateIPAllocationMethod: contains(ipConfiguration, 'privateIPAllocationMethod') ? (!empty(ipConfiguration.privateIPAllocationMethod) ? ipConfiguration.privateIPAllocationMethod : null) : null + privateIPAddress: contains(ipConfiguration, 'vmIPAddress') ? (!empty(ipConfiguration.vmIPAddress) ? ipConfiguration.vmIPAddress : null) : null + publicIPAddress: contains(ipConfiguration, 'publicIPAddressResourceId') ? { + id: ipConfiguration.publicIPAddressResourceId + } : null + subnet: { + id: ipConfiguration.subnetId + } + loadBalancerBackendAddressPools: contains(ipConfiguration, 'loadBalancerBackendAddressPools') ? ipConfiguration.loadBalancerBackendAddressPools : null + applicationSecurityGroups: contains(ipConfiguration, 'applicationSecurityGroups') ? ipConfiguration.applicationSecurityGroups : null + applicationGatewayBackendAddressPools: contains(ipConfiguration, 'applicationGatewayBackendAddressPools') ? ipConfiguration.applicationGatewayBackendAddressPools : null + gatewayLoadBalancer: contains(ipConfiguration, 'gatewayLoadBalancer') ? ipConfiguration.gatewayLoadBalancer : null + loadBalancerInboundNatRules: contains(ipConfiguration, 'loadBalancerInboundNatRules') ? ipConfiguration.loadBalancerInboundNatRules : null + privateIPAddressVersion: contains(ipConfiguration, 'privateIPAddressVersion') ? ipConfiguration.privateIPAddressVersion : null + virtualNetworkTaps: contains(ipConfiguration, 'virtualNetworkTaps') ? ipConfiguration.virtualNetworkTaps : null + } + }] + } +} + +resource networkInterface_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { + name: '${networkInterface.name}-${lock}-lock' + properties: { + level: lock + notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + } + scope: networkInterface +} + +module networkInterface_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) in roleAssignments: { + name: '${uniqueString(deployment().name, location)}-NIC-Rbac-${index}' + params: { + description: contains(roleAssignment, 'description') ? roleAssignment.description : '' + principalIds: roleAssignment.principalIds + principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' + roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + resourceId: networkInterface.id + } +}] + +@description('The name of the deployed resource.') +output name string = networkInterface.name + +@description('The resource ID of the deployed resource.') +output resourceId string = networkInterface.id + +@description('The resourceGroup of the deployed resource.') +output resourceGroupName string = resourceGroup().name + +@description('The location the resource was deployed into.') +output location string = networkInterface.location diff --git a/arm/Microsoft.Network/networkInterfaces/readme.md b/arm/Microsoft.Network/networkInterfaces/readme.md new file mode 100644 index 0000000000..071ddafb0e --- /dev/null +++ b/arm/Microsoft.Network/networkInterfaces/readme.md @@ -0,0 +1,85 @@ +# Network Interface `[Microsoft.Network/networkInterfaces]` + +This module deploys Network Interfaces. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Network/networkInterfaces` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/networkInterfaces) | + +## Parameters + +**Required parameters** +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the network interface. | + +**Optional parameters** +| Parameter Name | Type | Default Value | Allowed Values | Description | +| :-- | :-- | :-- | :-- | :-- | +| `dnsServers` | array | `[]` | | List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection. | +| `enableAcceleratedNetworking` | bool | `False` | | If the network interface is accelerated networking enabled. | +| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `ipConfigurations` | array | `[]` | | A list of IPConfigurations of the network interface. | +| `location` | string | `[resourceGroup().location]` | | Location for all resources. | +| `lock` | string | `'NotSpecified'` | `[CanNotDelete, NotSpecified, ReadOnly]` | Specify the type of lock. | +| `networkSecurityGroupResourceId` | string | `''` | | The network security group (NSG) to attach to the network interface. | +| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| `tags` | object | `{object}` | | Tags of the resource. | + +Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. + +```json +"roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "description": "Reader Role Assignment", + "principalIds": [ + "12345678-1234-1234-1234-123456789012", // object 1 + "78945612-1234-1234-1234-123456789012" // object 2 + ] + }, + { + "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", + "principalIds": [ + "12345678-1234-1234-1234-123456789012" // object 1 + ], + "principalType": "ServicePrincipal" + } + ] +} +``` + +Tag names and tag values can be provided as needed. A tag can be left without a value. + +```json +"tags": { + "value": { + "Environment": "Non-Prod", + "Contact": "test.user@testcompany.com", + "PurchaseOrder": "1234", + "CostCenter": "7890", + "ServiceName": "DeploymentValidation", + "Role": "DeploymentValidation" + } +} +``` + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed resource. | +| `resourceGroupName` | string | The resourceGroup of the deployed resource. | +| `resourceId` | string | The resource ID of the deployed resource. | diff --git a/arm/Microsoft.Network/networkInterfaces/version.json b/arm/Microsoft.Network/networkInterfaces/version.json new file mode 100644 index 0000000000..badc0a2285 --- /dev/null +++ b/arm/Microsoft.Network/networkInterfaces/version.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", + "version": "0.5" +} From bfaef3ebf34b891b7dad4a3bf6865508e750480f Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 15 May 2022 23:13:04 +0200 Subject: [PATCH 02/20] Update to latest --- arm/Microsoft.Network/networkInterfaces/deploy.bicep | 2 -- arm/Microsoft.Network/networkInterfaces/readme.md | 5 +++++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.Network/networkInterfaces/deploy.bicep b/arm/Microsoft.Network/networkInterfaces/deploy.bicep index eec4d0b057..343acfd28b 100644 --- a/arm/Microsoft.Network/networkInterfaces/deploy.bicep +++ b/arm/Microsoft.Network/networkInterfaces/deploy.bicep @@ -1,8 +1,6 @@ @description('Required. The name of the network interface.') param name string -param virtualMachineName string - @description('Optional. Location for all resources.') param location string = resourceGroup().location diff --git a/arm/Microsoft.Network/networkInterfaces/readme.md b/arm/Microsoft.Network/networkInterfaces/readme.md index 071ddafb0e..38bd5b7871 100644 --- a/arm/Microsoft.Network/networkInterfaces/readme.md +++ b/arm/Microsoft.Network/networkInterfaces/readme.md @@ -36,6 +36,9 @@ This module deploys Network Interfaces. | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | | Tags of the resource. | + +### Parameter Usage: `roleAssignments` + Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. ```json @@ -60,6 +63,8 @@ Create a role assignment for the given resource. If you want to assign a service } ``` +### Parameter Usage: `tags` + Tag names and tag values can be provided as needed. A tag can be left without a value. ```json From 5d7126b06ea568807d98a67929799be21a9d06cf Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 15 May 2022 23:20:17 +0200 Subject: [PATCH 03/20] Update to latest --- arm/Microsoft.Network/networkInterfaces/deploy.bicep | 2 +- arm/Microsoft.Network/networkInterfaces/readme.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/networkInterfaces/deploy.bicep b/arm/Microsoft.Network/networkInterfaces/deploy.bicep index 343acfd28b..6cb95f8488 100644 --- a/arm/Microsoft.Network/networkInterfaces/deploy.bicep +++ b/arm/Microsoft.Network/networkInterfaces/deploy.bicep @@ -10,7 +10,7 @@ param tags object = {} @description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true -@description('Optional. Indicates whether IP forwarding is enabled on this network interface.') +@description('Optional. Indicates whether IP forwarding is enabled on this network interface.') param enableIPForwarding bool = false @description('Optional. If the network interface is accelerated networking enabled.') diff --git a/arm/Microsoft.Network/networkInterfaces/readme.md b/arm/Microsoft.Network/networkInterfaces/readme.md index 38bd5b7871..a8c0ecbfcb 100644 --- a/arm/Microsoft.Network/networkInterfaces/readme.md +++ b/arm/Microsoft.Network/networkInterfaces/readme.md @@ -29,6 +29,7 @@ This module deploys Network Interfaces. | `dnsServers` | array | `[]` | | List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection. | | `enableAcceleratedNetworking` | bool | `False` | | If the network interface is accelerated networking enabled. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `enableIPForwarding` | bool | `False` | | Indicates whether IP forwarding is enabled on this network interface. | | `ipConfigurations` | array | `[]` | | A list of IPConfigurations of the network interface. | | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `lock` | string | `'NotSpecified'` | `[CanNotDelete, NotSpecified, ReadOnly]` | Specify the type of lock. | From efef407cf2b87443b130c8d08cf813b53f851f29 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 15 May 2022 23:24:55 +0200 Subject: [PATCH 04/20] Update to latest --- .azuredevops/modulePipelines/ms.network.networkInterfaces.yml | 2 +- .github/workflows/ms.network.networkInterfaces.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml b/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml index 286930f5b9..1e1ef57574 100644 --- a/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml +++ b/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml @@ -49,6 +49,6 @@ stages: - stage: Publishing displayName: Publishing - condition: and(succeeded(), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq('${{ parameters.prerelease }}', 'true'))) + condition: and(succeeded( ), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq('${{ parameters.prerelease }}', 'true'))) jobs: - template: /.azuredevops/pipelineTemplates/jobs.publishModule.yml diff --git a/.github/workflows/ms.network.networkInterfaces.yml b/.github/workflows/ms.network.networkInterfaces.yml index 5b1dd6c228..ddaad620ec 100644 --- a/.github/workflows/ms.network.networkInterfaces.yml +++ b/.github/workflows/ms.network.networkInterfaces.yml @@ -37,7 +37,7 @@ env: jobs: ########################### - # Initialize pipeline # + # Initialize pipeline # ########################### job_initialize_pipeline: runs-on: ubuntu-20.04 From cd011d3d71b2c81ab91c79f2d1428b7bae7bb564 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 15 May 2022 23:25:07 +0200 Subject: [PATCH 05/20] Update to latest --- .azuredevops/modulePipelines/ms.network.networkInterfaces.yml | 2 +- .github/workflows/ms.network.networkInterfaces.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml b/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml index 1e1ef57574..286930f5b9 100644 --- a/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml +++ b/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml @@ -49,6 +49,6 @@ stages: - stage: Publishing displayName: Publishing - condition: and(succeeded( ), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq('${{ parameters.prerelease }}', 'true'))) + condition: and(succeeded(), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq('${{ parameters.prerelease }}', 'true'))) jobs: - template: /.azuredevops/pipelineTemplates/jobs.publishModule.yml diff --git a/.github/workflows/ms.network.networkInterfaces.yml b/.github/workflows/ms.network.networkInterfaces.yml index ddaad620ec..5b1dd6c228 100644 --- a/.github/workflows/ms.network.networkInterfaces.yml +++ b/.github/workflows/ms.network.networkInterfaces.yml @@ -37,7 +37,7 @@ env: jobs: ########################### - # Initialize pipeline # + # Initialize pipeline # ########################### job_initialize_pipeline: runs-on: ubuntu-20.04 From 581abe15f7117e6226c1645afbdf85ec1e2e9fed Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 15 May 2022 23:33:08 +0200 Subject: [PATCH 06/20] Updated tests --- arm/.global/global.module.tests.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/.global/global.module.tests.ps1 b/arm/.global/global.module.tests.ps1 index 52fd8a4fb3..133a967ae4 100644 --- a/arm/.global/global.module.tests.ps1 +++ b/arm/.global/global.module.tests.ps1 @@ -49,8 +49,8 @@ Describe 'File/folder tests' -Tag Modules { $workflowsFolderName = Join-Path $RepoRoot '.github' 'workflows' $workflowFileName = '{0}.yml' -f $moduleFolderName.Replace('\', '/').Replace('/', '.').Replace('Microsoft', 'ms').ToLower() - - Test-Path (Join-Path $workflowsFolderName $workflowFileName) | Should -Be $true + $workflowPath = Join-Path $workflowsFolderName $workflowFileName + Test-Path $workflowPath | Should -Be $true -Because "path [$workflowPath] should exist." } } @@ -64,8 +64,8 @@ Describe 'File/folder tests' -Tag Modules { $pipelinesFolderName = Join-Path $RepoRoot '.azuredevops' 'modulePipelines' $pipelineFileName = '{0}.yml' -f $moduleFolderName.Replace('\', '/').Replace('/', '.').Replace('Microsoft', 'ms').ToLower() - - Test-Path (Join-Path $pipelinesFolderName $pipelineFileName) | Should -Be $true + $pipelinePath = Join-Path $pipelinesFolderName $pipelineFileName + Test-Path $pipelinePath | Should -Be $true -Because "path [$pipelinePath] should exist." } } From 5f9f4c5e1ef400a2fdd0df79e40d907de73262a6 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 16 May 2022 16:58:24 +0200 Subject: [PATCH 07/20] dummy change --- .azuredevops/modulePipelines/ms.network.networkInterfaces.yml | 2 +- .github/workflows/ms.network.networkInterfaces.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml b/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml index 286930f5b9..05e0a9298a 100644 --- a/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml +++ b/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml @@ -19,7 +19,7 @@ trigger: - main paths: include: - - '/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml' + - '/.azuredevops/modulePipelines /ms.network.networkInterfaces.yml' - '/.azuredevops/pipelineTemplates/module.*.yml' - '/arm/Microsoft.Network/networkInterfaces/*' - '/arm/.global/global.module.tests.ps1' diff --git a/.github/workflows/ms.network.networkInterfaces.yml b/.github/workflows/ms.network.networkInterfaces.yml index 5b1dd6c228..de94008c45 100644 --- a/.github/workflows/ms.network.networkInterfaces.yml +++ b/.github/workflows/ms.network.networkInterfaces.yml @@ -17,7 +17,7 @@ on: branches: - main paths: - - '.github/actions/templates/**' + - '.github /actions/templates/**' - '.github/workflows/ms.network.networkInterfaces.yml' - 'arm/Microsoft.Network/networkInterfaces/**' - 'arm/.global/global.module.tests.ps1' From 5d6ae18c1603f5bffbd0d8e9e724a755a4d79db1 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 16 May 2022 16:58:52 +0200 Subject: [PATCH 08/20] Update to latest --- ...work.networkInterfaces.yml => ms.network.networkinterface.yml} | 0 ...work.networkInterfaces.yml => ms.network.networkinterface.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename .azuredevops/modulePipelines/{ms.network.networkInterfaces.yml => ms.network.networkinterface.yml} (100%) rename .github/workflows/{ms.network.networkInterfaces.yml => ms.network.networkinterface.yml} (100%) diff --git a/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml b/.azuredevops/modulePipelines/ms.network.networkinterface.yml similarity index 100% rename from .azuredevops/modulePipelines/ms.network.networkInterfaces.yml rename to .azuredevops/modulePipelines/ms.network.networkinterface.yml diff --git a/.github/workflows/ms.network.networkInterfaces.yml b/.github/workflows/ms.network.networkinterface.yml similarity index 100% rename from .github/workflows/ms.network.networkInterfaces.yml rename to .github/workflows/ms.network.networkinterface.yml From d2c584ce1b1f61bfe9968282d13ededa48b6344b Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 16 May 2022 16:59:24 +0200 Subject: [PATCH 09/20] Update to latest --- ...rk.networkinterface.yml => ms.network.networkinterfaces.yml} | 2 +- ...rk.networkinterface.yml => ms.network.networkinterfaces.yml} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename .azuredevops/modulePipelines/{ms.network.networkinterface.yml => ms.network.networkinterfaces.yml} (95%) rename .github/workflows/{ms.network.networkinterface.yml => ms.network.networkinterfaces.yml} (99%) diff --git a/.azuredevops/modulePipelines/ms.network.networkinterface.yml b/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml similarity index 95% rename from .azuredevops/modulePipelines/ms.network.networkinterface.yml rename to .azuredevops/modulePipelines/ms.network.networkinterfaces.yml index 05e0a9298a..286930f5b9 100644 --- a/.azuredevops/modulePipelines/ms.network.networkinterface.yml +++ b/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml @@ -19,7 +19,7 @@ trigger: - main paths: include: - - '/.azuredevops/modulePipelines /ms.network.networkInterfaces.yml' + - '/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml' - '/.azuredevops/pipelineTemplates/module.*.yml' - '/arm/Microsoft.Network/networkInterfaces/*' - '/arm/.global/global.module.tests.ps1' diff --git a/.github/workflows/ms.network.networkinterface.yml b/.github/workflows/ms.network.networkinterfaces.yml similarity index 99% rename from .github/workflows/ms.network.networkinterface.yml rename to .github/workflows/ms.network.networkinterfaces.yml index de94008c45..5b1dd6c228 100644 --- a/.github/workflows/ms.network.networkinterface.yml +++ b/.github/workflows/ms.network.networkinterfaces.yml @@ -17,7 +17,7 @@ on: branches: - main paths: - - '.github /actions/templates/**' + - '.github/actions/templates/**' - '.github/workflows/ms.network.networkInterfaces.yml' - 'arm/Microsoft.Network/networkInterfaces/**' - 'arm/.global/global.module.tests.ps1' From a05645d7283c2334c3f39a61aa61dd7186b489ac Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 16 May 2022 17:25:59 +0200 Subject: [PATCH 10/20] Minor update --- .../.parameters/parameters.json | 29 +++++++++++++++++++ .../networkInterfaces/deploy.bicep | 4 +-- .../networkInterfaces/readme.md | 2 +- 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json b/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json index a53b5cd7d2..ecc40d2e77 100644 --- a/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json @@ -14,6 +14,35 @@ ] } ] + }, + "ipConfigurations": { + "value": [ + { + "name": "ipconfig01", + "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", + "pipConfiguration": { + "publicIpNameSuffix": "-pip-01", + "roleAssignments": [ + { + "roleDefinitionIdOrName": "Reader", + "principalIds": [ + "<>" + ] + } + ] + }, + "loadBalancerBackendAddressPools": [ + { + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" + } + ], + "applicationSecurityGroups": [ + { + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" + } + ] + } + ] } } } diff --git a/arm/Microsoft.Network/networkInterfaces/deploy.bicep b/arm/Microsoft.Network/networkInterfaces/deploy.bicep index 6cb95f8488..462400f1c8 100644 --- a/arm/Microsoft.Network/networkInterfaces/deploy.bicep +++ b/arm/Microsoft.Network/networkInterfaces/deploy.bicep @@ -22,8 +22,8 @@ param dnsServers array = [] @description('Optional. The network security group (NSG) to attach to the network interface.') param networkSecurityGroupResourceId string = '' -@description('Optional. A list of IPConfigurations of the network interface.') -param ipConfigurations array = [] +@description('Required. A list of IPConfigurations of the network interface.') +param ipConfigurations array @allowed([ 'CanNotDelete' diff --git a/arm/Microsoft.Network/networkInterfaces/readme.md b/arm/Microsoft.Network/networkInterfaces/readme.md index a8c0ecbfcb..837fc1aa3d 100644 --- a/arm/Microsoft.Network/networkInterfaces/readme.md +++ b/arm/Microsoft.Network/networkInterfaces/readme.md @@ -21,6 +21,7 @@ This module deploys Network Interfaces. **Required parameters** | Parameter Name | Type | Description | | :-- | :-- | :-- | +| `ipConfigurations` | array | A list of IPConfigurations of the network interface. | | `name` | string | The name of the network interface. | **Optional parameters** @@ -30,7 +31,6 @@ This module deploys Network Interfaces. | `enableAcceleratedNetworking` | bool | `False` | | If the network interface is accelerated networking enabled. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `enableIPForwarding` | bool | `False` | | Indicates whether IP forwarding is enabled on this network interface. | -| `ipConfigurations` | array | `[]` | | A list of IPConfigurations of the network interface. | | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `lock` | string | `'NotSpecified'` | `[CanNotDelete, NotSpecified, ReadOnly]` | Specify the type of lock. | | `networkSecurityGroupResourceId` | string | `''` | | The network security group (NSG) to attach to the network interface. | From 1794101129cd2126f586a28f3e463f51cae51b31 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 16 May 2022 17:27:54 +0200 Subject: [PATCH 11/20] Update to latest --- .../networkInterfaces/readme.md | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/arm/Microsoft.Network/networkInterfaces/readme.md b/arm/Microsoft.Network/networkInterfaces/readme.md index 837fc1aa3d..59ddc4dd59 100644 --- a/arm/Microsoft.Network/networkInterfaces/readme.md +++ b/arm/Microsoft.Network/networkInterfaces/readme.md @@ -37,6 +37,41 @@ This module deploys Network Interfaces. | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | | Tags of the resource. | +### Parameter Usage: `ipConfigurations` + +The IP configurations to apply to the network interface. + +```json +"ipConfigurations": { + "value": [ + { + "name": "ipconfig01", + "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", + "pipConfiguration": { + "publicIpNameSuffix": "-pip-01", + "roleAssignments": [ + { + "roleDefinitionIdOrName": "Reader", + "principalIds": [ + "<>" + ] + } + ] + }, + "loadBalancerBackendAddressPools": [ + { + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" + } + ], + "applicationSecurityGroups": [ + { + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" + } + ] + } + ] +} +``` ### Parameter Usage: `roleAssignments` From 09fdb8cb3b74a61eb63eea286b4927d9c3b53ffd Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 16 May 2022 17:33:41 +0200 Subject: [PATCH 12/20] Update to latest --- arm/Microsoft.Network/networkInterfaces/readme.md | 1 + 1 file changed, 1 insertion(+) diff --git a/arm/Microsoft.Network/networkInterfaces/readme.md b/arm/Microsoft.Network/networkInterfaces/readme.md index 59ddc4dd59..6ccf93124a 100644 --- a/arm/Microsoft.Network/networkInterfaces/readme.md +++ b/arm/Microsoft.Network/networkInterfaces/readme.md @@ -37,6 +37,7 @@ This module deploys Network Interfaces. | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | | Tags of the resource. | + ### Parameter Usage: `ipConfigurations` The IP configurations to apply to the network interface. From 1d18e73855eabc781877474bd3e7ec74243e546e Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 16 May 2022 18:11:22 +0200 Subject: [PATCH 13/20] Added diagnostic settings + cleanup --- .../ms.network.networkinterfaces.yml | 1 + .../.parameters/min.parameters.json | 17 +++++++ .../.parameters/parameters.json | 15 ++++++ .../networkInterfaces/deploy.bicep | 50 +++++++++++++++++++ .../networkInterfaces/readme.md | 35 ++++--------- 5 files changed, 93 insertions(+), 25 deletions(-) create mode 100644 arm/Microsoft.Network/networkInterfaces/.parameters/min.parameters.json diff --git a/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml b/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml index 286930f5b9..fa068f146f 100644 --- a/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml +++ b/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml @@ -45,6 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: + - path: $(modulePath)/.parameters/min.parameters.json - path: $(modulePath)/.parameters/parameters.json - stage: Publishing diff --git a/arm/Microsoft.Network/networkInterfaces/.parameters/min.parameters.json b/arm/Microsoft.Network/networkInterfaces/.parameters/min.parameters.json new file mode 100644 index 0000000000..9fe27817ce --- /dev/null +++ b/arm/Microsoft.Network/networkInterfaces/.parameters/min.parameters.json @@ -0,0 +1,17 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-nic-min-001" + }, + "ipConfigurations": { + "value": [ + { + "name": "ipconfig01", + "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" + } + ] + } + } +} diff --git a/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json b/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json index ecc40d2e77..64d4fc5ef1 100644 --- a/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json @@ -43,6 +43,21 @@ ] } ] + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticStorageAccountId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + }, + "diagnosticWorkspaceId": { + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + }, + "diagnosticEventHubName": { + "value": "adp-<>-az-evh-x-001" } } } diff --git a/arm/Microsoft.Network/networkInterfaces/deploy.bicep b/arm/Microsoft.Network/networkInterfaces/deploy.bicep index 462400f1c8..fbba64b21b 100644 --- a/arm/Microsoft.Network/networkInterfaces/deploy.bicep +++ b/arm/Microsoft.Network/networkInterfaces/deploy.bicep @@ -36,6 +36,44 @@ param lock string = 'NotSpecified' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] +@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') +@minValue(0) +@maxValue(365) +param diagnosticLogsRetentionInDays int = 365 + +@description('Optional. Resource ID of the diagnostic storage account.') +param diagnosticStorageAccountId string = '' + +@description('Optional. Resource identifier of log analytics.') +param diagnosticWorkspaceId string = '' + +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' + +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' + +@description('Optional. The name of metrics that will be streamed.') +@allowed([ + 'AllMetrics' +]) +param diagnosticMetricsToEnable array = [ + 'AllMetrics' +] + +@description('Optional. The name of the diagnostic setting, if deployed.') +param diagnosticSettingsName string = '${name}-diagnosticSettings' + +var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { + category: metric + timeGrain: null + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } +}] + resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' properties: { @@ -85,6 +123,18 @@ resource networkInterface 'Microsoft.Network/networkInterfaces@2021-05-01' = { } } +resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { + name: diagnosticSettingsName + properties: { + storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null + metrics: diagnosticsMetrics + } + scope: networkInterface +} + resource networkInterface_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${networkInterface.name}-${lock}-lock' properties: { diff --git a/arm/Microsoft.Network/networkInterfaces/readme.md b/arm/Microsoft.Network/networkInterfaces/readme.md index 6ccf93124a..695d0077ad 100644 --- a/arm/Microsoft.Network/networkInterfaces/readme.md +++ b/arm/Microsoft.Network/networkInterfaces/readme.md @@ -43,32 +43,17 @@ This module deploys Network Interfaces. The IP configurations to apply to the network interface. ```json -"ipConfigurations": { - "value": [ +{ + "name": "ipconfig01", + "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", + "loadBalancerBackendAddressPools": [ { - "name": "ipconfig01", - "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "pipConfiguration": { - "publicIpNameSuffix": "-pip-01", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "loadBalancerBackendAddressPools": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" - } - ], - "applicationSecurityGroups": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" - } - ] + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" + } + ], + "applicationSecurityGroups": [ + { + "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" } ] } From 279f012cb6b792c9332d997e4d9120362100b955 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 16 May 2022 18:12:39 +0200 Subject: [PATCH 14/20] Update to latest --- .../networkInterfaces/.parameters/parameters.json | 11 ----------- arm/Microsoft.Network/networkInterfaces/readme.md | 8 ++++++++ 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json b/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json index 64d4fc5ef1..7eb7ebc50f 100644 --- a/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json @@ -20,17 +20,6 @@ { "name": "ipconfig01", "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "pipConfiguration": { - "publicIpNameSuffix": "-pip-01", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, "loadBalancerBackendAddressPools": [ { "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" diff --git a/arm/Microsoft.Network/networkInterfaces/readme.md b/arm/Microsoft.Network/networkInterfaces/readme.md index 695d0077ad..c4ed2eaeac 100644 --- a/arm/Microsoft.Network/networkInterfaces/readme.md +++ b/arm/Microsoft.Network/networkInterfaces/readme.md @@ -14,6 +14,7 @@ This module deploys Network Interfaces. | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/networkInterfaces` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/networkInterfaces) | ## Parameters @@ -27,6 +28,13 @@ This module deploys Network Interfaces. **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | +| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | +| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | +| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | +| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | `''` | | Resource identifier of log analytics. | | `dnsServers` | array | `[]` | | List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection. | | `enableAcceleratedNetworking` | bool | `False` | | If the network interface is accelerated networking enabled. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | From 263c24faf2373cd725ffbf117be4f4bd04844add Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 16 May 2022 19:09:44 +0200 Subject: [PATCH 15/20] Update arm/Microsoft.Network/networkInterfaces/deploy.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- arm/Microsoft.Network/networkInterfaces/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/networkInterfaces/deploy.bicep b/arm/Microsoft.Network/networkInterfaces/deploy.bicep index fbba64b21b..6a37086ed5 100644 --- a/arm/Microsoft.Network/networkInterfaces/deploy.bicep +++ b/arm/Microsoft.Network/networkInterfaces/deploy.bicep @@ -161,7 +161,7 @@ output name string = networkInterface.name @description('The resource ID of the deployed resource.') output resourceId string = networkInterface.id -@description('The resourceGroup of the deployed resource.') +@description('The resource group of the deployed resource.') output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') From 78ffcf872b3af415edbe0989514ebcf716f31dd0 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 16 May 2022 19:11:19 +0200 Subject: [PATCH 16/20] Update to latest --- arm/Microsoft.Network/networkInterfaces/readme.md | 2 +- arm/Microsoft.Sql/servers/databases/deploy.bicep | 2 +- arm/Microsoft.Sql/servers/databases/readme.md | 2 +- arm/Microsoft.Sql/servers/deploy.bicep | 2 +- arm/Microsoft.Sql/servers/firewallRules/deploy.bicep | 2 +- arm/Microsoft.Sql/servers/firewallRules/readme.md | 2 +- arm/Microsoft.Sql/servers/readme.md | 2 +- arm/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep | 2 +- arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/arm/Microsoft.Network/networkInterfaces/readme.md b/arm/Microsoft.Network/networkInterfaces/readme.md index c4ed2eaeac..d8294ae6e8 100644 --- a/arm/Microsoft.Network/networkInterfaces/readme.md +++ b/arm/Microsoft.Network/networkInterfaces/readme.md @@ -116,5 +116,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed resource. | -| `resourceGroupName` | string | The resourceGroup of the deployed resource. | +| `resourceGroupName` | string | The resource group of the deployed resource. | | `resourceId` | string | The resource ID of the deployed resource. | diff --git a/arm/Microsoft.Sql/servers/databases/deploy.bicep b/arm/Microsoft.Sql/servers/databases/deploy.bicep index 2c1dbf863e..7b0d913b03 100644 --- a/arm/Microsoft.Sql/servers/databases/deploy.bicep +++ b/arm/Microsoft.Sql/servers/databases/deploy.bicep @@ -223,7 +223,7 @@ output name string = database.name @description('The resource ID of the deployed database.') output resourceId string = database.id -@description('The resourceGroup of the deployed database.') +@description('The resource group of the deployed database.') output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') diff --git a/arm/Microsoft.Sql/servers/databases/readme.md b/arm/Microsoft.Sql/servers/databases/readme.md index b8dc1027b1..598755dc6b 100644 --- a/arm/Microsoft.Sql/servers/databases/readme.md +++ b/arm/Microsoft.Sql/servers/databases/readme.md @@ -83,5 +83,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed database. | -| `resourceGroupName` | string | The resourceGroup of the deployed database. | +| `resourceGroupName` | string | The resource group of the deployed database. | | `resourceId` | string | The resource ID of the deployed database. | diff --git a/arm/Microsoft.Sql/servers/deploy.bicep b/arm/Microsoft.Sql/servers/deploy.bicep index c754c94264..5626592660 100644 --- a/arm/Microsoft.Sql/servers/deploy.bicep +++ b/arm/Microsoft.Sql/servers/deploy.bicep @@ -209,7 +209,7 @@ output name string = server.name @description('The resource ID of the deployed SQL server.') output resourceId string = server.id -@description('The resourceGroup of the deployed SQL server.') +@description('The resource group of the deployed SQL server.') output resourceGroupName string = resourceGroup().name @description('The principal ID of the system assigned identity.') diff --git a/arm/Microsoft.Sql/servers/firewallRules/deploy.bicep b/arm/Microsoft.Sql/servers/firewallRules/deploy.bicep index ec242a2453..2ca51b8545 100644 --- a/arm/Microsoft.Sql/servers/firewallRules/deploy.bicep +++ b/arm/Microsoft.Sql/servers/firewallRules/deploy.bicep @@ -44,5 +44,5 @@ output name string = firewallRule.name @description('The resource ID of the deployed firewall rule.') output resourceId string = firewallRule.id -@description('The resourceGroup of the deployed firewall rule.') +@description('The resource group of the deployed firewall rule.') output resourceGroupName string = resourceGroup().name diff --git a/arm/Microsoft.Sql/servers/firewallRules/readme.md b/arm/Microsoft.Sql/servers/firewallRules/readme.md index 6d059ebe87..cfaef0038a 100644 --- a/arm/Microsoft.Sql/servers/firewallRules/readme.md +++ b/arm/Microsoft.Sql/servers/firewallRules/readme.md @@ -39,5 +39,5 @@ This module deploys an SQL Server Firewall rule. | Output Name | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed firewall rule. | -| `resourceGroupName` | string | The resourceGroup of the deployed firewall rule. | +| `resourceGroupName` | string | The resource group of the deployed firewall rule. | | `resourceId` | string | The resource ID of the deployed firewall rule. | diff --git a/arm/Microsoft.Sql/servers/readme.md b/arm/Microsoft.Sql/servers/readme.md index fe4fe57da4..adae5067d3 100644 --- a/arm/Microsoft.Sql/servers/readme.md +++ b/arm/Microsoft.Sql/servers/readme.md @@ -169,6 +169,6 @@ To use Private Endpoint the following dependencies must be deployed: | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed SQL server. | -| `resourceGroupName` | string | The resourceGroup of the deployed SQL server. | +| `resourceGroupName` | string | The resource group of the deployed SQL server. | | `resourceId` | string | The resource ID of the deployed SQL server. | | `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | diff --git a/arm/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep b/arm/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep index 61e277134c..e745b2ce4d 100644 --- a/arm/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep +++ b/arm/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep @@ -69,5 +69,5 @@ output name string = securityAlertPolicy.name @description('The resource ID of the deployed security alert policy.') output resourceId string = securityAlertPolicy.id -@description('The resourceGroup of the deployed security alert policy.') +@description('The resource group of the deployed security alert policy.') output resourceGroupName string = resourceGroup().name diff --git a/arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md b/arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md index ba5330a064..5e7b710bc8 100644 --- a/arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md +++ b/arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md @@ -44,5 +44,5 @@ This module deploys an SQL Server Security Alert Policy. | Output Name | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed security alert policy. | -| `resourceGroupName` | string | The resourceGroup of the deployed security alert policy. | +| `resourceGroupName` | string | The resource group of the deployed security alert policy. | | `resourceId` | string | The resource ID of the deployed security alert policy. | From cf40cc7df6f20c3da9933d68d700e4e54719130a Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 16 May 2022 23:35:23 +0200 Subject: [PATCH 17/20] Update .github/workflows/ms.network.networkinterfaces.yml Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- .github/workflows/ms.network.networkinterfaces.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ms.network.networkinterfaces.yml b/.github/workflows/ms.network.networkinterfaces.yml index 5b1dd6c228..fadb94119e 100644 --- a/.github/workflows/ms.network.networkinterfaces.yml +++ b/.github/workflows/ms.network.networkinterfaces.yml @@ -28,7 +28,7 @@ on: env: variablesPath: 'global.variables.yml' modulePath: 'arm/Microsoft.Network/networkInterfaces' - workflowPath: '.github/workflows/ms.network.networkInterfaces.yml' + workflowPath: '.github/workflows/ms.network.networkinterfaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}' From 224ed079db23c57f38bc1750aed8cc7de4087cbd Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 16 May 2022 23:35:28 +0200 Subject: [PATCH 18/20] Update .github/workflows/ms.network.networkinterfaces.yml Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- .github/workflows/ms.network.networkinterfaces.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ms.network.networkinterfaces.yml b/.github/workflows/ms.network.networkinterfaces.yml index fadb94119e..feda3575e3 100644 --- a/.github/workflows/ms.network.networkinterfaces.yml +++ b/.github/workflows/ms.network.networkinterfaces.yml @@ -18,7 +18,7 @@ on: - main paths: - '.github/actions/templates/**' - - '.github/workflows/ms.network.networkInterfaces.yml' + - '.github/workflows/ms.network.networkinterfaces.yml' - 'arm/Microsoft.Network/networkInterfaces/**' - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' From eef85ad697a7aea8823e1d82be6828df1e9cc61f Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Thu, 19 May 2022 12:47:00 +0200 Subject: [PATCH 19/20] Update .azuredevops/modulePipelines/ms.network.networkinterfaces.yml Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- .azuredevops/modulePipelines/ms.network.networkinterfaces.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml b/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml index fa068f146f..b4c77b7569 100644 --- a/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml +++ b/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml @@ -19,7 +19,7 @@ trigger: - main paths: include: - - '/.azuredevops/modulePipelines/ms.network.networkInterfaces.yml' + - '/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml' - '/.azuredevops/pipelineTemplates/module.*.yml' - '/arm/Microsoft.Network/networkInterfaces/*' - '/arm/.global/global.module.tests.ps1' From 7ac144db1ddd903c30d858a7fb5bd2d2f355b416 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Thu, 19 May 2022 12:47:08 +0200 Subject: [PATCH 20/20] Update arm/Microsoft.Network/networkInterfaces/deploy.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- arm/Microsoft.Network/networkInterfaces/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Network/networkInterfaces/deploy.bicep b/arm/Microsoft.Network/networkInterfaces/deploy.bicep index 6a37086ed5..611c37b801 100644 --- a/arm/Microsoft.Network/networkInterfaces/deploy.bicep +++ b/arm/Microsoft.Network/networkInterfaces/deploy.bicep @@ -123,7 +123,7 @@ resource networkInterface 'Microsoft.Network/networkInterfaces@2021-05-01' = { } } -resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { +resource networkInterface_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: diagnosticSettingsName properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null