From 1ca7ce92b8335c6265cd59e19bea998549a8e528 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 24 Jun 2022 12:06:06 +0200 Subject: [PATCH 1/9] Updated groupID --- .../factories/.parameters/parameters.json | 2 +- arm/Microsoft.DataFactory/factories/readme.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.DataFactory/factories/.parameters/parameters.json b/arm/Microsoft.DataFactory/factories/.parameters/parameters.json index 50aada6a4e..f7f05a0d5a 100644 --- a/arm/Microsoft.DataFactory/factories/.parameters/parameters.json +++ b/arm/Microsoft.DataFactory/factories/.parameters/parameters.json @@ -66,7 +66,7 @@ "value": [ { "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "amlworkspace" + "service": "dataFactory" } ] }, diff --git a/arm/Microsoft.DataFactory/factories/readme.md b/arm/Microsoft.DataFactory/factories/readme.md index a0ccf976e1..c102b4459a 100644 --- a/arm/Microsoft.DataFactory/factories/readme.md +++ b/arm/Microsoft.DataFactory/factories/readme.md 
@@ -58,7 +58,7 @@ | `location` | string | `[resourceGroup().location]` | | Location for all Resources. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | | `managedVirtualNetworkName` | string | `''` | | The name of the Managed Virtual Network. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. | +| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `publicNetworkAccess` | bool | `True` | | Enable or disable public network access. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | @@ -363,7 +363,7 @@ privateEndpoints: [ "value": [ { "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "amlworkspace" + "service": "dataFactory" } ] }, @@ -426,7 +426,7 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { privateEndpoints: [ { subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'amlworkspace' + service: 'dataFactory' } ] cMKUserAssignedIdentityResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' 
From b4a7a449bf62b46dc943d6e64cd458d4be310b12 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 24 Jun 2022 13:04:36 +0200 Subject: [PATCH 2/9] Added public endpoint handling --- arm/Microsoft.DataFactory/factories/deploy.bicep | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.DataFactory/factories/deploy.bicep b/arm/Microsoft.DataFactory/factories/deploy.bicep index 484e0514b6..a331b61c05 100644 --- a/arm/Microsoft.DataFactory/factories/deploy.bicep +++ b/arm/Microsoft.DataFactory/factories/deploy.bicep @@ -175,8 +175,16 @@ resource dataFactory 'Microsoft.DataFactory/factories@2018-06-01' = { tags: tags identity: identity properties: { - repoConfiguration: bool(gitConfigureLater) ? null : json('{"type": "${gitRepoType}","accountName": "${gitAccountName}","repositoryName": "${gitRepositoryName}",${((gitRepoType == 'FactoryVSTSConfiguration') ? '"projectName": "${gitProjectName}",' : '')}"collaborationBranch": "${gitCollaborationBranch}","rootFolder": "${gitRootFolder}"}') - publicNetworkAccess: bool(publicNetworkAccess) ? 'Enabled' : 'Disabled' + repoConfiguration: bool(gitConfigureLater) ? null : union({ + type: gitRepoType + accountName: gitAccountName + repositoryName: gitRepositoryName + collaborationBranch: gitCollaborationBranch + rootFolder: gitRootFolder + }, (gitRepoType == 'FactoryVSTSConfiguration' ? { + projectName: gitProjectName + } : {}), {}) + publicNetworkAccess: publicNetworkAccess && empty(privateEndpoints) ? 'Enabled' : 'Disabled' encryption: !empty(cMKKeyName) ? { identity: { userAssignedIdentity: cMKUserAssignedIdentityResourceId From 4068fb579f69483b0fdb66753ca60e8c59be3269 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 24 Jun 2022 13:09:58 +0200 Subject: [PATCH 3/9] Resolved conflicts --- .../factories/deploy.bicep | 20 +++++++++++++++++++ arm/Microsoft.DataFactory/factories/readme.md | 8 ++++++++ 2 files changed, 28 insertions(+) 
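Review bot: The new `publicNetworkAccess` expression returns `'Disabled'` whenever `privateEndpoints` is non-empty, even if the caller passed `publicNetworkAccess: true`, and nothing visible in this patch tells the caller about the override. The readme in this series still describes the parameter as "Enable or disable public network access.", so a consumer cannot tell the flag was ignored. I would say so in the parameter description, for example `@description('Optional. Enable or disable public network access. Treated as disabled when privateEndpoints is not empty.')`. Separately, the trailing `, {}` argument to `union(...)` in `repoConfiguration` adds nothing and can be dropped. The `dataFactory` resource body continues outside this hunk.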
diff --git a/arm/Microsoft.DataFactory/factories/deploy.bicep b/arm/Microsoft.DataFactory/factories/deploy.bicep index 2fafd244aa..9a9653e521 100644 --- a/arm/Microsoft.DataFactory/factories/deploy.bicep +++ b/arm/Microsoft.DataFactory/factories/deploy.bicep @@ -65,6 +65,21 @@ param systemAssignedIdentity bool = false @description('Optional. The ID(s) to assign to the resource.') param userAssignedIdentities object = {} +@description('Optional. Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') +param privateEndpoints array = [] + +@description('Optional. The resource ID of a key vault to reference a customer managed key for encryption from.') +param cMKKeyVaultResourceId string = '' + +@description('Optional. The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter \'systemAssignedIdentity\' enabled.') +param cMKKeyName string = '' + +@description('Conditional. User assigned identity to use when fetching the customer managed key. Required if \'cMKeyName\' is not empty.') +param cMKUserAssignedIdentityResourceId string = '' + +@description('Conditional. The version of the customer managed key to reference for encryption. Required if \'cMKeyName\' is not empty.') +param cMKKeyVersion string = '' + @description('Optional. The name of logs that will be streamed.') @allowed([ 'ActivityRuns' 
@@ -137,6 +152,11 @@ var identity = identityType != 'None' ? { var enableReferencedModulesTelemetry = false +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { + name: last(split(cMKKeyVaultResourceId, '/')) + scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) +} + resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' properties: { diff --git a/arm/Microsoft.DataFactory/factories/readme.md b/arm/Microsoft.DataFactory/factories/readme.md index fa0da5f71c..f3fbfca308 100644 --- a/arm/Microsoft.DataFactory/factories/readme.md +++ b/arm/Microsoft.DataFactory/factories/readme.md 
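Review bot: The `cMKKeyVault` reference is gated on `!empty(cMKKeyVaultResourceId)`, while the `encryption` block shown in 2/9 is gated on `!empty(cMKKeyName)`, so the two conditions can disagree. If a caller sets the key name without the vault ID, the encryption settings presumably point at a vault that was never resolved; the rest of that block is outside the hunks, so this needs confirming. The `scope` line also indexes `split(cMKKeyVaultResourceId, '/')[2]` and `[4]`, which only works for a full resource ID, and a shorter value fails at deployment with an index error instead of a clear message. I would document both constraints on the parameter, for example `@description('Optional. Full resource ID (/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.KeyVault/vaults/<name>) of the key vault holding the customer managed key. Required if cMKKeyName is not empty.')`.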
@@ -25,9 +25,17 @@ | :-- | :-- | :-- | | `name` | string | The name of the Azure Factory to create. | +**Conditional parameters** +| Parameter Name | Type | Default Value | Description | +| :-- | :-- | :-- | :-- | +| `cMKKeyVersion` | string | `''` | The version of the customer managed key to reference for encryption. Required if 'cMKeyName' is not empty. | +| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKeyName' is not empty. | + **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | +| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. | +| `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogCategoriesToEnable` | array | `[ActivityRuns, PipelineRuns, TriggerRuns, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageEventMessageContext, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, SSISIntegrationRuntimeLogs]` | `[ActivityRuns, PipelineRuns, TriggerRuns, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageEventMessageContext, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, SSISIntegrationRuntimeLogs]` | The name of logs that will be streamed. | 
From 66716e7a9f938edf64552c424d58fa6c7a780ac1 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 24 Jun 2022 13:10:56 +0200 Subject: [PATCH 4/9] Resolved conflicts --- arm/Microsoft.DataFactory/factories/deploy.bicep | 4 ++-- arm/Microsoft.DataFactory/factories/readme.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.DataFactory/factories/deploy.bicep b/arm/Microsoft.DataFactory/factories/deploy.bicep index 9a9653e521..36cb1fb5fc 100644 --- a/arm/Microsoft.DataFactory/factories/deploy.bicep +++ b/arm/Microsoft.DataFactory/factories/deploy.bicep @@ -71,13 +71,13 @@ param privateEndpoints array = [] @description('Optional. The resource ID of a key vault to reference a customer managed key for encryption from.') param cMKKeyVaultResourceId string = '' -@description('Optional. The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter \'systemAssignedIdentity\' enabled.') +@description('Optional. The name of the customer managed key to use for encryption.') param cMKKeyName string = '' @description('Conditional. User assigned identity to use when fetching the customer managed key. Required if \'cMKeyName\' is not empty.') param cMKUserAssignedIdentityResourceId string = '' -@description('Conditional. The version of the customer managed key to reference for encryption. Required if \'cMKeyName\' is not empty.') +@description('Conditional. The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.') param cMKKeyVersion string = '' @description('Optional. The name of logs that will be streamed.') diff --git a/arm/Microsoft.DataFactory/factories/readme.md b/arm/Microsoft.DataFactory/factories/readme.md index f3fbfca308..e1e65fbe11 100644 --- a/arm/Microsoft.DataFactory/factories/readme.md +++ b/arm/Microsoft.DataFactory/factories/readme.md 
@@ -28,13 +28,13 @@ **Conditional parameters** | Parameter Name | Type | Default Value | Description | | :-- | :-- | :-- | :-- | -| `cMKKeyVersion` | string | `''` | The version of the customer managed key to reference for encryption. Required if 'cMKeyName' is not empty. | +| `cMKKeyVersion` | string | `''` | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | | `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKeyName' is not empty. | **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. | +| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | | `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | From 0fb9b8a482aad544400ec08c9a66e100cea8bf12 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 25 Jun 2022 00:20:23 +0200 Subject: [PATCH 5/9] Update to latest --- arm/Microsoft.DataFactory/factories/deploy.bicep | 4 ++-- arm/Microsoft.DataFactory/factories/readme.md | 8 ++------ 2 files changed, 4 insertions(+), 8 deletions(-) 
diff --git a/arm/Microsoft.DataFactory/factories/deploy.bicep b/arm/Microsoft.DataFactory/factories/deploy.bicep index 36cb1fb5fc..c1718d82e9 100644 --- a/arm/Microsoft.DataFactory/factories/deploy.bicep +++ b/arm/Microsoft.DataFactory/factories/deploy.bicep @@ -74,10 +74,10 @@ param cMKKeyVaultResourceId string = '' @description('Optional. The name of the customer managed key to use for encryption.') param cMKKeyName string = '' -@description('Conditional. User assigned identity to use when fetching the customer managed key. Required if \'cMKeyName\' is not empty.') +@description('Optional. User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first.') param cMKUserAssignedIdentityResourceId string = '' -@description('Conditional. The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.') +@description('Optional. The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.') param cMKKeyVersion string = '' @description('Optional. The name of logs that will be streamed.') diff --git a/arm/Microsoft.DataFactory/factories/readme.md b/arm/Microsoft.DataFactory/factories/readme.md index e1e65fbe11..6607364418 100644 --- a/arm/Microsoft.DataFactory/factories/readme.md +++ b/arm/Microsoft.DataFactory/factories/readme.md 
@@ -25,17 +25,13 @@ | :-- | :-- | :-- | | `name` | string | The name of the Azure Factory to create. | -**Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVersion` | string | `''` | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKeyName' is not empty. | - **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | | `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. | +| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| `cMKUserAssignedIdentityResourceId` | string | `''` | | User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| | `diagnosticLogCategoriesToEnable` | array | `[ActivityRuns, PipelineRuns, TriggerRuns, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageEventMessageContext, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, SSISIntegrationRuntimeLogs]` | `[ActivityRuns, PipelineRuns, TriggerRuns, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageEventMessageContext, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, SSISIntegrationRuntimeLogs]` | The name of logs that will be streamed. | From b7a706cc2b677b3ab7d63497e0d9951e78c99430 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 4 Jul 2022 12:21:14 +0200 Subject: [PATCH 6/9] Moved param --- modules/Microsoft.DataFactory/factories/deploy.bicep | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.DataFactory/factories/deploy.bicep b/modules/Microsoft.DataFactory/factories/deploy.bicep index 2acb993233..e869664a5d 100644 --- a/modules/Microsoft.DataFactory/factories/deploy.bicep +++ b/modules/Microsoft.DataFactory/factories/deploy.bicep 
@@ -74,12 +74,12 @@ param cMKKeyVaultResourceId string = '' @description('Optional. The name of the customer managed key to use for encryption.') param cMKKeyName string = '' -@description('Optional. User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first.') -param cMKUserAssignedIdentityResourceId string = '' - @description('Optional. The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.') param cMKKeyVersion string = '' +@description('Optional. User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first.') +param cMKUserAssignedIdentityResourceId string = '' + @description('Optional. The name of logs that will be streamed.') @allowed([ 'ActivityRuns' From 5acc5e0fbe857b7f7751f332c9f7b7fe18171fef Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 4 Jul 2022 13:28:22 +0200 Subject: [PATCH 7/9] Fixed comment --- modules/Microsoft.DataFactory/factories/deploy.bicep | 2 +- modules/Microsoft.DataFactory/factories/readme.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.DataFactory/factories/deploy.bicep b/modules/Microsoft.DataFactory/factories/deploy.bicep index e869664a5d..31d473916b 100644 --- a/modules/Microsoft.DataFactory/factories/deploy.bicep +++ b/modules/Microsoft.DataFactory/factories/deploy.bicep 
@@ -77,7 +77,7 @@ param cMKKeyName string = '' @description('Optional. The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.') param cMKKeyVersion string = '' -@description('Optional. User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first.') +@description('Optional. User assigned identity to use when fetching the customer managed key.') param cMKUserAssignedIdentityResourceId string = '' @description('Optional. The name of logs that will be streamed.') diff --git a/modules/Microsoft.DataFactory/factories/readme.md b/modules/Microsoft.DataFactory/factories/readme.md index 86401b3bb8..cd194d5c57 100644 --- a/modules/Microsoft.DataFactory/factories/readme.md +++ b/modules/Microsoft.DataFactory/factories/readme.md 
@@ -31,7 +31,7 @@ | `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | | `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. | | `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | | User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. | +| `cMKUserAssignedIdentityResourceId` | string | `''` | | User assigned identity to use when fetching the customer managed key. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogCategoriesToEnable` | array | `[ActivityRuns, PipelineRuns, TriggerRuns, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageEventMessageContext, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, SSISIntegrationRuntimeLogs]` | `[ActivityRuns, PipelineRuns, TriggerRuns, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageEventMessageContext, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, SSISIntegrationRuntimeLogs]` | The name of logs that will be streamed. | From eb295be086238cca29b9cfe9bc7a9df13bf19e2c Mon Sep 17 00:00:00 2001 
From: MrMCake Date: Mon, 4 Jul 2022 13:33:46 +0200 Subject: [PATCH 8/9] Updated cmk implemnetation --- .../factories/.test/parameters.json | 2 +- modules/Microsoft.DataFactory/factories/deploy.bicep | 11 ++++++++--- modules/Microsoft.DataFactory/factories/readme.md | 6 +++--- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/modules/Microsoft.DataFactory/factories/.test/parameters.json b/modules/Microsoft.DataFactory/factories/.test/parameters.json index f7f05a0d5a..e1fa770665 100644 --- a/modules/Microsoft.DataFactory/factories/.test/parameters.json +++ b/modules/Microsoft.DataFactory/factories/.test/parameters.json @@ -24,7 +24,7 @@ } }, "publicNetworkAccess": { - "value": true + "value": "Disabled" }, "gitConfigureLater": { "value": true diff --git a/modules/Microsoft.DataFactory/factories/deploy.bicep b/modules/Microsoft.DataFactory/factories/deploy.bicep index 31d473916b..84ad15b8b1 100644 --- a/modules/Microsoft.DataFactory/factories/deploy.bicep +++ b/modules/Microsoft.DataFactory/factories/deploy.bicep @@ -10,8 +10,13 @@ param integrationRuntime object = {} @description('Optional. Location for all Resources.') param location string = resourceGroup().location -@description('Optional. Enable or disable public network access.') -param publicNetworkAccess bool = true +@description('Optional. Whether or not public network access is allowed for this resource.') +@allowed([ + '' + 'Enabled' + 'Disabled' +]) +param publicNetworkAccess string = '' @description('Optional. Boolean to define whether or not to configure git during template deployment.') param gitConfigureLater bool = true 
@@ -184,7 +189,7 @@ resource dataFactory 'Microsoft.DataFactory/factories@2018-06-01' = { }, (gitRepoType == 'FactoryVSTSConfiguration' ? { projectName: gitProjectName } : {}), {}) - publicNetworkAccess: publicNetworkAccess && empty(privateEndpoints) ? 'Enabled' : 'Disabled' + publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) ? 'Disabled' : null) encryption: !empty(cMKKeyName) ? { identity: { userAssignedIdentity: cMKUserAssignedIdentityResourceId diff --git a/modules/Microsoft.DataFactory/factories/readme.md b/modules/Microsoft.DataFactory/factories/readme.md index cd194d5c57..cd505a7018 100644 --- a/modules/Microsoft.DataFactory/factories/readme.md +++ b/modules/Microsoft.DataFactory/factories/readme.md @@ -53,7 +53,7 @@ | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | | `managedVirtualNetworkName` | string | `''` | | The name of the Managed Virtual Network. | | `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | bool | `True` | | Enable or disable public network access. | +| `publicNetworkAccess` | string | `''` | `[, Enabled, Disabled]` | Whether or not public network access is allowed for this resource. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. | 
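Review bot: In the rewritten `publicNetworkAccess` line of the `dataFactory` resource, an explicit `'Enabled'` now wins even when `privateEndpoints` is non-empty, whereas the line it replaces forced `'Disabled'` in that case. That loosens the network posture for callers who configure private endpoints and also pass `'Enabled'`, and the new description ("Whether or not public network access is allowed for this resource.") does not mention how the two parameters interact. If the guard should stay, test the endpoints first: `publicNetworkAccess: !empty(privateEndpoints) ? 'Disabled' : (!empty(publicNetworkAccess) ? any(publicNetworkAccess) : null)`. If the new precedence is intended, state it in the `@description`. The `null` fallback leaves the effective value to the service default, which is also worth stating there. The resource body continues outside this hunk.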
@@ -315,7 +315,7 @@ privateEndpoints: [ } }, "publicNetworkAccess": { - "value": true + "value": "Disabled" }, "gitConfigureLater": { "value": true @@ -397,7 +397,7 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { } } } - publicNetworkAccess: true + publicNetworkAccess: 'Disabled' gitConfigureLater: true roleAssignments: [ { From a0ab5503b638ada7f15443d06051670bddebfb4d Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 4 Jul 2022 15:29:56 +0200 Subject: [PATCH 9/9] Updated param --- modules/Microsoft.DataFactory/factories/deploy.bicep | 3 +-- modules/Microsoft.DataFactory/factories/readme.md | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.DataFactory/factories/deploy.bicep b/modules/Microsoft.DataFactory/factories/deploy.bicep index 84ad15b8b1..19383e59fd 100644 --- a/modules/Microsoft.DataFactory/factories/deploy.bicep +++ b/modules/Microsoft.DataFactory/factories/deploy.bicep @@ -12,11 +12,10 @@ param location string = resourceGroup().location @description('Optional. Whether or not public network access is allowed for this resource.') @allowed([ - '' 'Enabled' 'Disabled' ]) -param publicNetworkAccess string = '' +param publicNetworkAccess string = 'Disabled' @description('Optional. Boolean to define whether or not to configure git during template deployment.') param gitConfigureLater bool = true diff --git a/modules/Microsoft.DataFactory/factories/readme.md b/modules/Microsoft.DataFactory/factories/readme.md index cd505a7018..16527bdac5 100644 --- a/modules/Microsoft.DataFactory/factories/readme.md +++ b/modules/Microsoft.DataFactory/factories/readme.md 
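Review bot: In 9/9's `deploy.bicep` hunk, removing `''` from `@allowed` and defaulting to `'Disabled'` makes the `!empty(publicNetworkAccess)` test added in 8/9 always true, so its `(!empty(privateEndpoints) ? 'Disabled' : null)` fallback can no longer be reached. That expression lives in the `dataFactory` resource outside this hunk and is assumed unchanged, since this patch does not touch it. It can be reduced to `publicNetworkAccess: publicNetworkAccess`, which also makes it obvious that private endpoints no longer influence the setting. The default also moves from public access on (`bool = true` before 8/9) to off, so consumers who relied on the default lose public reachability on their next deployment. The parameter description should mention the new default, for example `@description('Optional. Whether or not public network access is allowed for this resource. Defaults to Disabled.')`.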
@@ -53,7 +53,7 @@ | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | | `managedVirtualNetworkName` | string | `''` | | The name of the Managed Virtual Network. | | `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `[, Enabled, Disabled]` | Whether or not public network access is allowed for this resource. | +| `publicNetworkAccess` | string | `'Disabled'` | `[Enabled, Disabled]` | Whether or not public network access is allowed for this resource. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. |