From 7b23082a07cc1f4e4e57d29092ef13418d3e880a Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sat, 25 Jun 2022 23:31:40 +0200 Subject: [PATCH] Fix roleAssignments naming and missing rename --- arm/Microsoft.AAD/DomainServices/deploy.bicep | 2 +- .../servers/deploy.bicep | 2 +- .../service/deploy.bicep | 2 +- .../configurationStores/deploy.bicep | 2 +- .../automationAccounts/deploy.bicep | 2 +- .../accounts/deploy.bicep | 2 +- .../availabilitySets/deploy.bicep | 2 +- .../diskEncryptionSets/deploy.bicep | 2 +- arm/Microsoft.Compute/disks/deploy.bicep | 2 +- arm/Microsoft.Compute/galleries/deploy.bicep | 2 +- .../galleries/images/deploy.bicep | 2 +- arm/Microsoft.Compute/images/deploy.bicep | 2 +- .../proximityPlacementGroups/deploy.bicep | 2 +- .../virtualMachineScaleSets/deploy.bicep | 2 +- .../virtualMachines/deploy.bicep | 2 +- .../registries/deploy.bicep | 2 +- .../managedClusters/deploy.bicep | 2 +- .../factories/deploy.bicep | 2 +- ...bac.bicep => nested_roleAssignments.bicep} | 0 .../backupVaults/deploy.bicep | 2 +- .../workspaces/deploy.bicep | 2 +- .../applicationgroups/deploy.bicep | 2 +- .../hostpools/deploy.bicep | 2 +- .../scalingplans/deploy.bicep | 2 +- .../workspaces/deploy.bicep | 2 +- .../databaseAccounts/deploy.bicep | 2 +- .../systemTopics/deploy.bicep | 2 +- arm/Microsoft.EventGrid/topics/deploy.bicep | 2 +- .../namespaces/deploy.bicep | 2 +- .../namespaces/eventhubs/deploy.bicep | 2 +- .../healthBots/deploy.bicep | 2 +- .../actionGroups/deploy.bicep | 2 +- .../activityLogAlerts/deploy.bicep | 2 +- .../components/deploy.bicep | 2 +- .../metricAlerts/deploy.bicep | 2 +- .../privateLinkScopes/deploy.bicep | 2 +- .../scheduledQueryRules/deploy.bicep | 2 +- arm/Microsoft.KeyVault/vaults/deploy.bicep | 2 +- .../vaults/keys/deploy.bicep | 2 +- .../vaults/secrets/deploy.bicep | 2 +- arm/Microsoft.Logic/workflows/deploy.bicep | 2 +- .../workspaces/deploy.bicep | 2 +- .../userAssignedIdentities/deploy.bicep | 2 +- .../netAppAccounts/capacityPools/deploy.bicep | 2 +- .../capacityPools/volumes/deploy.bicep | 2 +- .../netAppAccounts/deploy.bicep | 2 +- .../applicationGateways/deploy.bicep | 96 +++++++++---------- .../applicationSecurityGroups/deploy.bicep | 2 +- .../azureFirewalls/deploy.bicep | 2 +- .../bastionHosts/deploy.bicep | 14 +-- .../ddosProtectionPlans/deploy.bicep | 2 +- .../expressRouteCircuits/deploy.bicep | 2 +- arm/Microsoft.Network/frontDoors/deploy.bicep | 2 +- arm/Microsoft.Network/ipGroups/deploy.bicep | 2 +- .../loadBalancers/deploy.bicep | 2 +- .../localNetworkGateways/deploy.bicep | 2 +- .../natGateways/deploy.bicep | 2 +- .../networkInterfaces/deploy.bicep | 2 +- .../networkSecurityGroups/deploy.bicep | 2 +- .../networkWatchers/deploy.bicep | 2 +- .../privateDnsZones/A/deploy.bicep | 2 +- .../privateDnsZones/AAAA/deploy.bicep | 2 +- .../privateDnsZones/CNAME/deploy.bicep | 2 +- .../privateDnsZones/MX/deploy.bicep | 2 +- .../privateDnsZones/PTR/deploy.bicep | 2 +- .../privateDnsZones/SOA/deploy.bicep | 2 +- .../privateDnsZones/SRV/deploy.bicep | 2 +- .../privateDnsZones/TXT/deploy.bicep | 2 +- .../privateDnsZones/deploy.bicep | 2 +- .../privateEndpoints/deploy.bicep | 2 +- .../publicIPAddresses/deploy.bicep | 2 +- .../publicIPPrefixes/deploy.bicep | 2 +- .../routeTables/deploy.bicep | 2 +- .../trafficmanagerprofiles/deploy.bicep | 2 +- .../virtualNetworkGateways/deploy.bicep | 2 +- .../virtualNetworks/deploy.bicep | 2 +- .../virtualNetworks/subnets/deploy.bicep | 2 +- .../virtualWans/deploy.bicep | 2 +- arm/Microsoft.Network/vpnSites/deploy.bicep | 2 +- .../workspaces/deploy.bicep | 2 +- .../vaults/deploy.bicep | 2 +- .../resourceGroups/deploy.bicep | 2 +- .../namespaces/deploy.bicep | 2 +- .../namespaces/queues/deploy.bicep | 2 +- .../namespaces/topics/deploy.bicep | 2 +- .../clusters/deploy.bicep | 42 ++++---- .../managedInstances/deploy.bicep | 2 +- arm/Microsoft.Sql/servers/deploy.bicep | 2 +- .../blobServices/containers/deploy.bicep | 2 +- .../storageAccounts/deploy.bicep | 2 +- .../fileServices/shares/deploy.bicep | 2 +- .../queueServices/queues/deploy.bicep | 2 +- .../privateLinkHubs/deploy.bicep | 2 +- .../imageTemplates/deploy.bicep | 2 +- arm/Microsoft.Web/connections/deploy.bicep | 2 +- .../hostingEnvironments/deploy.bicep | 2 +- arm/Microsoft.Web/serverfarms/deploy.bicep | 2 +- arm/Microsoft.Web/sites/deploy.bicep | 2 +- arm/Microsoft.Web/staticSites/deploy.bicep | 2 +- docs/wiki/The library - Module design.md | 6 +- 100 files changed, 174 insertions(+), 174 deletions(-) rename arm/Microsoft.DataProtection/backupVaults/.bicep/{nested_rbac.bicep => nested_roleAssignments.bicep} (100%) diff --git a/arm/Microsoft.AAD/DomainServices/deploy.bicep b/arm/Microsoft.AAD/DomainServices/deploy.bicep index 677eea59fa..4ebf3faacb 100644 --- a/arm/Microsoft.AAD/DomainServices/deploy.bicep +++ b/arm/Microsoft.AAD/DomainServices/deploy.bicep @@ -240,7 +240,7 @@ resource domainService_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!em scope: domainService } -module domainService_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module domainService_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-VNet-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.AnalysisServices/servers/deploy.bicep b/arm/Microsoft.AnalysisServices/servers/deploy.bicep index 299d482632..701fc1f96e 100644 --- a/arm/Microsoft.AnalysisServices/servers/deploy.bicep +++ b/arm/Microsoft.AnalysisServices/servers/deploy.bicep @@ -143,7 +143,7 @@ resource server_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-0 scope: server } -module server_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module server_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-AnServicesServer-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.ApiManagement/service/deploy.bicep b/arm/Microsoft.ApiManagement/service/deploy.bicep index 9ac435f3a8..499532f1cf 100644 --- a/arm/Microsoft.ApiManagement/service/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/deploy.bicep @@ -441,7 +441,7 @@ resource apiManagementService_diagnosticSettings 'Microsoft.Insights/diagnosticS scope: apiManagementService } -module apiManagementService_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module apiManagementService_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-Apim-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.AppConfiguration/configurationStores/deploy.bicep b/arm/Microsoft.AppConfiguration/configurationStores/deploy.bicep index 1a6429c020..a6600c30bd 100644 --- a/arm/Microsoft.AppConfiguration/configurationStores/deploy.bicep +++ b/arm/Microsoft.AppConfiguration/configurationStores/deploy.bicep @@ -194,7 +194,7 @@ resource configurationStore_diagnosticSettings 'Microsoft.Insights/diagnosticset scope: configurationStore } -module configurationStore_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module configurationStore_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-AppConfig-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Automation/automationAccounts/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/deploy.bicep index 387eba3a0c..10668efd34 100644 --- a/arm/Microsoft.Automation/automationAccounts/deploy.bicep +++ b/arm/Microsoft.Automation/automationAccounts/deploy.bicep @@ -376,7 +376,7 @@ module automationAccount_privateEndpoints '../../Microsoft.Network/privateEndpoi } }] -module automationAccount_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module automationAccount_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-AutoAccount-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.CognitiveServices/accounts/deploy.bicep b/arm/Microsoft.CognitiveServices/accounts/deploy.bicep index a8dc05ffa1..589622cc27 100644 --- a/arm/Microsoft.CognitiveServices/accounts/deploy.bicep +++ b/arm/Microsoft.CognitiveServices/accounts/deploy.bicep @@ -261,7 +261,7 @@ module cognitiveServices_privateEndpoints '../../Microsoft.Network/privateEndpoi } }] -module cognitiveServices_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module cognitiveServices_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-CognitiveServices-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Compute/availabilitySets/deploy.bicep b/arm/Microsoft.Compute/availabilitySets/deploy.bicep index 487a64c862..a822e0aa2e 100644 --- a/arm/Microsoft.Compute/availabilitySets/deploy.bicep +++ b/arm/Microsoft.Compute/availabilitySets/deploy.bicep @@ -73,7 +73,7 @@ resource availabilitySet_lock 'Microsoft.Authorization/locks@2017-04-01' = if (! scope: availabilitySet } -module availabilitySet_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module availabilitySet_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-AvSet-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Compute/diskEncryptionSets/deploy.bicep b/arm/Microsoft.Compute/diskEncryptionSets/deploy.bicep index 56827da5a4..ac7150174a 100644 --- a/arm/Microsoft.Compute/diskEncryptionSets/deploy.bicep +++ b/arm/Microsoft.Compute/diskEncryptionSets/deploy.bicep @@ -84,7 +84,7 @@ module keyVaultAccessPolicies '../../Microsoft.KeyVault/vaults/accessPolicies/de scope: resourceGroup(split(keyVaultId, '/')[2], split(keyVaultId, '/')[4]) } -module diskEncryptionSet_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module diskEncryptionSet_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-DiskEncrSet-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Compute/disks/deploy.bicep b/arm/Microsoft.Compute/disks/deploy.bicep index e0b4ce52ad..1db051aed9 100644 --- a/arm/Microsoft.Compute/disks/deploy.bicep +++ b/arm/Microsoft.Compute/disks/deploy.bicep @@ -176,7 +176,7 @@ resource disk_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock) scope: disk } -module disk_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module disk_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-AvSet-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Compute/galleries/deploy.bicep b/arm/Microsoft.Compute/galleries/deploy.bicep index 79c44f1104..55acc31b59 100644 --- a/arm/Microsoft.Compute/galleries/deploy.bicep +++ b/arm/Microsoft.Compute/galleries/deploy.bicep @@ -61,7 +61,7 @@ resource gallery_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lo scope: gallery } -module gallery_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module gallery_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-Gallery-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Compute/galleries/images/deploy.bicep b/arm/Microsoft.Compute/galleries/images/deploy.bicep index e7d9eeaade..fd0c265da3 100644 --- a/arm/Microsoft.Compute/galleries/images/deploy.bicep +++ b/arm/Microsoft.Compute/galleries/images/deploy.bicep @@ -150,7 +150,7 @@ resource image 'Microsoft.Compute/galleries/images@2021-10-01' = { } } -module galleryImage_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module galleryImage_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Compute/images/deploy.bicep b/arm/Microsoft.Compute/images/deploy.bicep index dc01ff1312..3e57fd0ad8 100644 --- a/arm/Microsoft.Compute/images/deploy.bicep +++ b/arm/Microsoft.Compute/images/deploy.bicep @@ -62,7 +62,7 @@ resource image 'Microsoft.Compute/images@2021-04-01' = { } } -module image_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module image_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-Image-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep b/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep index f9fb427305..da83b30727 100644 --- a/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep +++ b/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep @@ -58,7 +58,7 @@ resource proximityPlacementGroup_lock 'Microsoft.Authorization/locks@2017-04-01' scope: proximityPlacementGroup } -module proximityPlacementGroup_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module proximityPlacementGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-ProxPlaceGroup-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep b/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep index f672d34db8..c4cfd7d585 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep @@ -647,7 +647,7 @@ resource vmss_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05- scope: vmss } -module vmss_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module vmss_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-VMSS-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Compute/virtualMachines/deploy.bicep b/arm/Microsoft.Compute/virtualMachines/deploy.bicep index a771424a0d..159c153be0 100644 --- a/arm/Microsoft.Compute/virtualMachines/deploy.bicep +++ b/arm/Microsoft.Compute/virtualMachines/deploy.bicep @@ -647,7 +647,7 @@ resource vm_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) scope: vm } -module vm_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module vm_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-VM-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index a473b296a9..92acdbaa8c 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -307,7 +307,7 @@ resource registry_diagnosticSettingName 'Microsoft.Insights/diagnosticsettings@2 scope: registry } -module registry_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module registry_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-ContainerRegistry-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.ContainerService/managedClusters/deploy.bicep b/arm/Microsoft.ContainerService/managedClusters/deploy.bicep index 52ded3c4f5..b3566e17e5 100644 --- a/arm/Microsoft.ContainerService/managedClusters/deploy.bicep +++ b/arm/Microsoft.ContainerService/managedClusters/deploy.bicep @@ -555,7 +555,7 @@ resource managedCluster_diagnosticSettings 'Microsoft.Insights/diagnosticsetting scope: managedCluster } -module managedCluster_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module managedCluster_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-ManagedCluster-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.DataFactory/factories/deploy.bicep b/arm/Microsoft.DataFactory/factories/deploy.bicep index 7b740e8e3b..3046acdaa9 100644 --- a/arm/Microsoft.DataFactory/factories/deploy.bicep +++ b/arm/Microsoft.DataFactory/factories/deploy.bicep @@ -206,7 +206,7 @@ resource dataFactory_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2 scope: dataFactory } -module dataFactory_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module dataFactory_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-DataFactory-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.DataProtection/backupVaults/.bicep/nested_rbac.bicep b/arm/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.DataProtection/backupVaults/.bicep/nested_rbac.bicep rename to arm/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.DataProtection/backupVaults/deploy.bicep b/arm/Microsoft.DataProtection/backupVaults/deploy.bicep index 7018414b15..9bf4bbd954 100644 --- a/arm/Microsoft.DataProtection/backupVaults/deploy.bicep +++ b/arm/Microsoft.DataProtection/backupVaults/deploy.bicep @@ -100,7 +100,7 @@ resource backupVault_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empt scope: backupVault } -module backupVault_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) in roleAssignments: { +module backupVault_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-bv-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Databricks/workspaces/deploy.bicep b/arm/Microsoft.Databricks/workspaces/deploy.bicep index bd531ac2b2..126ca0719e 100644 --- a/arm/Microsoft.Databricks/workspaces/deploy.bicep +++ b/arm/Microsoft.Databricks/workspaces/deploy.bicep @@ -140,7 +140,7 @@ resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@202 scope: workspace } -module workspace_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module workspace_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-DataBricks-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep b/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep index 8a1cb90b38..5618d12940 100644 --- a/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep +++ b/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep @@ -150,7 +150,7 @@ module appGroup_applications 'applications/deploy.bicep' = [for (application, in } }] -module appGroup_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module appGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-AppGroup-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep b/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep index 37e98eb3e0..e4f3126f4b 100644 --- a/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep +++ b/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep @@ -186,7 +186,7 @@ resource hostPool_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021 scope: hostPool } -module hostPool_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module hostPool_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-HostPool-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep b/arm/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep index e3cd280024..66bf926312 100644 --- a/arm/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep +++ b/arm/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep @@ -135,7 +135,7 @@ resource scalingplan_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2 scope: scalingPlan } -module scalingplan_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module scalingplan_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-Workspace-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep b/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep index 2036ead3ea..5f31b36f53 100644 --- a/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep +++ b/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep @@ -117,7 +117,7 @@ resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@202 scope: workspace } -module workspace_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module workspace_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-Workspace-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep b/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep index 1f603356aa..0028fa6df3 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep +++ b/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep @@ -240,7 +240,7 @@ resource databaseAccount_diagnosticSettings 'Microsoft.Insights/diagnosticsettin scope: databaseAccount } -module databaseAccount_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module databaseAccount_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.EventGrid/systemTopics/deploy.bicep b/arm/Microsoft.EventGrid/systemTopics/deploy.bicep index 4814c0b7f8..4f023500da 100644 --- a/arm/Microsoft.EventGrid/systemTopics/deploy.bicep +++ b/arm/Microsoft.EventGrid/systemTopics/deploy.bicep @@ -140,7 +140,7 @@ resource systemTopic_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2 scope: systemTopic } -module systemTopic_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module systemTopic_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-EventGrid-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.EventGrid/topics/deploy.bicep b/arm/Microsoft.EventGrid/topics/deploy.bicep index 58f651c84f..34865a210d 100644 --- a/arm/Microsoft.EventGrid/topics/deploy.bicep +++ b/arm/Microsoft.EventGrid/topics/deploy.bicep @@ -153,7 +153,7 @@ module topic_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.b } }] -module topic_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module topic_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-topic-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.EventHub/namespaces/deploy.bicep b/arm/Microsoft.EventHub/namespaces/deploy.bicep index 657ea68a8b..8d85a4fd1e 100644 --- a/arm/Microsoft.EventHub/namespaces/deploy.bicep +++ b/arm/Microsoft.EventHub/namespaces/deploy.bicep @@ -297,7 +297,7 @@ module eventHubNamespace_privateEndpoints '../../Microsoft.Network/privateEndpoi } }] -module eventHubNamespace_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module eventHubNamespace_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-EvhbNamespace-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep b/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep index fe11d46e7f..9e447a54b6 100644 --- a/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep +++ b/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep @@ -177,7 +177,7 @@ module eventHub_authorizationRules 'authorizationRules/deploy.bicep' = [for (aut } }] -module eventHub_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module eventHub_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.HealthBot/healthBots/deploy.bicep b/arm/Microsoft.HealthBot/healthBots/deploy.bicep index e8eb13754d..b4de7ab9c6 100644 --- a/arm/Microsoft.HealthBot/healthBots/deploy.bicep +++ b/arm/Microsoft.HealthBot/healthBots/deploy.bicep @@ -55,7 +55,7 @@ resource azureHealthBot_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!e scope: azureHealthBot } -module healthBot_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module healthBot_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-HealthBot-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Insights/actionGroups/deploy.bicep b/arm/Microsoft.Insights/actionGroups/deploy.bicep index 8f369c1ff4..fbb29d8d19 100644 --- a/arm/Microsoft.Insights/actionGroups/deploy.bicep +++ b/arm/Microsoft.Insights/actionGroups/deploy.bicep @@ -81,7 +81,7 @@ resource actionGroup 'microsoft.insights/actionGroups@2019-06-01' = { } } -module actionGroup_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module actionGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-ActionGroup-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Insights/activityLogAlerts/deploy.bicep b/arm/Microsoft.Insights/activityLogAlerts/deploy.bicep index 4453cb6395..caab86e9f7 100644 --- a/arm/Microsoft.Insights/activityLogAlerts/deploy.bicep +++ b/arm/Microsoft.Insights/activityLogAlerts/deploy.bicep @@ -64,7 +64,7 @@ resource activityLogAlert 'Microsoft.Insights/activityLogAlerts@2020-10-01' = { } } -module activityLogAlert_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module activityLogAlert_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-ActivityLogAlert-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Insights/components/deploy.bicep b/arm/Microsoft.Insights/components/deploy.bicep index 3f2d73111c..3bdc2f9f3d 100644 --- a/arm/Microsoft.Insights/components/deploy.bicep +++ b/arm/Microsoft.Insights/components/deploy.bicep @@ -86,7 +86,7 @@ resource appInsights 'Microsoft.Insights/components@2020-02-02' = { } } -module appInsights_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module appInsights_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-AppInsights-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Insights/metricAlerts/deploy.bicep b/arm/Microsoft.Insights/metricAlerts/deploy.bicep index 2fbc4fdc0d..14edcd37bf 100644 --- a/arm/Microsoft.Insights/metricAlerts/deploy.bicep +++ b/arm/Microsoft.Insights/metricAlerts/deploy.bicep @@ -119,7 +119,7 @@ resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = { } } -module metricAlert_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module metricAlert_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-MetricAlert-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep b/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep index 18a8c7696d..2b56092e8c 100644 --- a/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep +++ b/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep @@ -88,7 +88,7 @@ module privateLinkScope_privateEndpoints '../../Microsoft.Network/privateEndpoin } }] -module privateLinkScope_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module privateLinkScope_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-PvtLinkScope-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Insights/scheduledQueryRules/deploy.bicep b/arm/Microsoft.Insights/scheduledQueryRules/deploy.bicep index d59d88817a..f9313a62ff 100644 --- a/arm/Microsoft.Insights/scheduledQueryRules/deploy.bicep +++ b/arm/Microsoft.Insights/scheduledQueryRules/deploy.bicep @@ -105,7 +105,7 @@ resource queryRule 'Microsoft.Insights/scheduledQueryRules@2021-02-01-preview' = } } -module queryRule_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module queryRule_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-QueryRule-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.KeyVault/vaults/deploy.bicep b/arm/Microsoft.KeyVault/vaults/deploy.bicep index b0314495cb..73099fa1f3 100644 --- a/arm/Microsoft.KeyVault/vaults/deploy.bicep +++ b/arm/Microsoft.KeyVault/vaults/deploy.bicep @@ -301,7 +301,7 @@ module keyVault_privateEndpoints '../../Microsoft.Network/privateEndpoints/deplo } }] -module keyVault_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module keyVault_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-KeyVault-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.KeyVault/vaults/keys/deploy.bicep b/arm/Microsoft.KeyVault/vaults/keys/deploy.bicep index 60432671eb..1b25378b60 100644 --- a/arm/Microsoft.KeyVault/vaults/keys/deploy.bicep +++ b/arm/Microsoft.KeyVault/vaults/keys/deploy.bicep @@ -88,7 +88,7 @@ resource key 'Microsoft.KeyVault/vaults/keys@2019-09-01' = { } } -module key_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module key_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.KeyVault/vaults/secrets/deploy.bicep b/arm/Microsoft.KeyVault/vaults/secrets/deploy.bicep index ceb2663d0b..842528bbb2 100644 --- a/arm/Microsoft.KeyVault/vaults/secrets/deploy.bicep +++ b/arm/Microsoft.KeyVault/vaults/secrets/deploy.bicep @@ -61,7 +61,7 @@ resource secret 'Microsoft.KeyVault/vaults/secrets@2019-09-01' = { } } -module secret_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module secret_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Logic/workflows/deploy.bicep b/arm/Microsoft.Logic/workflows/deploy.bicep index 98cfe8608c..2820d69b8c 100644 --- a/arm/Microsoft.Logic/workflows/deploy.bicep +++ b/arm/Microsoft.Logic/workflows/deploy.bicep @@ -208,7 +208,7 @@ resource logicApp_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021 scope: logicApp } -module logicApp_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module logicApp_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-LogicApp-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep b/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep index 3541bb651a..2134953372 100644 --- a/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep +++ b/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep @@ -277,7 +277,7 @@ module workspace_privateEndpoints '../../Microsoft.Network/privateEndpoints/depl } }] -module workspace_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module workspace_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-MLWorkspace-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep index 78d3ee9855..6b15bd61ad 100644 --- a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep +++ b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep @@ -48,7 +48,7 @@ resource userMsi_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lo scope: userMsi } -module userMsi_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module userMsi_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-UserMSI-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep index 0115c75289..53a5c5e865 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep +++ b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep @@ -91,7 +91,7 @@ module capacityPool_volumes 'volumes/deploy.bicep' = [for (volume, index) in vol } }] -module capacityPool_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module capacityPool_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep index 8c4a6eae33..a4a39895dd 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep +++ b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep @@ -76,7 +76,7 @@ resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2021-06-0 } } -module volume_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module volume_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep b/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep index 0a30cf3c68..b4fbeef426 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep +++ b/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep @@ -86,7 +86,7 @@ resource netAppAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!em scope: netAppAccount } -module netAppAccount_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module netAppAccount_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-ANFAccount-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/applicationGateways/deploy.bicep b/arm/Microsoft.Network/applicationGateways/deploy.bicep index feaa45454f..6d0c7056a3 100644 --- a/arm/Microsoft.Network/applicationGateways/deploy.bicep +++ b/arm/Microsoft.Network/applicationGateways/deploy.bicep @@ -270,53 +270,53 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2021-05-01' = tags: tags identity: identity properties: union({ - authenticationCertificates: authenticationCertificates - autoscaleConfiguration: autoscaleMaxCapacity > 0 && autoscaleMinCapacity >= 0 ? { - maxCapacity: autoscaleMaxCapacity - minCapacity: autoscaleMinCapacity - } : null - backendAddressPools: backendAddressPools - backendHttpSettingsCollection: backendHttpSettingsCollection - customErrorConfigurations: customErrorConfigurations - enableHttp2: enableHttp2 - firewallPolicy: !empty(firewallPolicyId) ? { - id: firewallPolicyId - } : null - forceFirewallPolicyAssociation: !empty(firewallPolicyId) - frontendIPConfigurations: frontendIPConfigurations - frontendPorts: frontendPorts - gatewayIPConfigurations: gatewayIPConfigurations - globalConfiguration: { - enableRequestBuffering: enableRequestBuffering - enableResponseBuffering: enableResponseBuffering - } - httpListeners: httpListeners - loadDistributionPolicies: loadDistributionPolicies - privateLinkConfigurations: privateLinkConfigurations - probes: probes - redirectConfigurations: redirectConfigurations - requestRoutingRules: requestRoutingRules - rewriteRuleSets: rewriteRuleSets - sku: { - name: sku - tier: endsWith(sku, 'v2') ? sku : substring(sku, 0, indexOf(sku, '_')) - capacity: autoscaleMaxCapacity > 0 && autoscaleMinCapacity >= 0 ? null : capacity - } - sslCertificates: sslCertificates - sslPolicy: { - cipherSuites: sslPolicyCipherSuites - minProtocolVersion: sslPolicyMinProtocolVersion - policyName: empty(sslPolicyName) ? null : sslPolicyName - policyType: sslPolicyType - } - sslProfiles: sslProfiles - trustedClientCertificates: trustedClientCertificates - trustedRootCertificates: trustedRootCertificates - urlPathMaps: urlPathMaps - webApplicationFirewallConfiguration: webApplicationFirewallConfiguration - }, (enableFips ? { - enableFips: enableFips - } : {}), {}) + authenticationCertificates: authenticationCertificates + autoscaleConfiguration: autoscaleMaxCapacity > 0 && autoscaleMinCapacity >= 0 ? { + maxCapacity: autoscaleMaxCapacity + minCapacity: autoscaleMinCapacity + } : null + backendAddressPools: backendAddressPools + backendHttpSettingsCollection: backendHttpSettingsCollection + customErrorConfigurations: customErrorConfigurations + enableHttp2: enableHttp2 + firewallPolicy: !empty(firewallPolicyId) ? { + id: firewallPolicyId + } : null + forceFirewallPolicyAssociation: !empty(firewallPolicyId) + frontendIPConfigurations: frontendIPConfigurations + frontendPorts: frontendPorts + gatewayIPConfigurations: gatewayIPConfigurations + globalConfiguration: { + enableRequestBuffering: enableRequestBuffering + enableResponseBuffering: enableResponseBuffering + } + httpListeners: httpListeners + loadDistributionPolicies: loadDistributionPolicies + privateLinkConfigurations: privateLinkConfigurations + probes: probes + redirectConfigurations: redirectConfigurations + requestRoutingRules: requestRoutingRules + rewriteRuleSets: rewriteRuleSets + sku: { + name: sku + tier: endsWith(sku, 'v2') ? sku : substring(sku, 0, indexOf(sku, '_')) + capacity: autoscaleMaxCapacity > 0 && autoscaleMinCapacity >= 0 ? null : capacity + } + sslCertificates: sslCertificates + sslPolicy: { + cipherSuites: sslPolicyCipherSuites + minProtocolVersion: sslPolicyMinProtocolVersion + policyName: empty(sslPolicyName) ? null : sslPolicyName + policyType: sslPolicyType + } + sslProfiles: sslProfiles + trustedClientCertificates: trustedClientCertificates + trustedRootCertificates: trustedRootCertificates + urlPathMaps: urlPathMaps + webApplicationFirewallConfiguration: webApplicationFirewallConfiguration + }, (enableFips ? { + enableFips: enableFips + } : {}), {}) zones: zones } @@ -342,7 +342,7 @@ resource applicationGateway_diagnosticSettingName 'Microsoft.Insights/diagnostic scope: applicationGateway } -module applicationGateway_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module applicationGateway_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-AppGateway-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep b/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep index 9c7a9f103a..ec5da87594 100644 --- a/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep +++ b/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep @@ -49,7 +49,7 @@ resource applicationSecurityGroup_lock 'Microsoft.Authorization/locks@2017-04-01 scope: applicationSecurityGroup } -module applicationSecurityGroup_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module applicationSecurityGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-AppSecurityGroup-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/azureFirewalls/deploy.bicep b/arm/Microsoft.Network/azureFirewalls/deploy.bicep index 4f80e3e552..39af5579d8 100644 --- a/arm/Microsoft.Network/azureFirewalls/deploy.bicep +++ b/arm/Microsoft.Network/azureFirewalls/deploy.bicep @@ -268,7 +268,7 @@ resource azureFirewall_diagnosticSettings 'Microsoft.Insights/diagnosticSettings scope: azureFirewall } -module azureFirewall_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module azureFirewall_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-AzFW-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/bastionHosts/deploy.bicep b/arm/Microsoft.Network/bastionHosts/deploy.bicep index be8b1ee09a..cf7adde44e 100644 --- a/arm/Microsoft.Network/bastionHosts/deploy.bicep +++ b/arm/Microsoft.Network/bastionHosts/deploy.bicep @@ -116,12 +116,12 @@ var newPip = { } var ipConfigurations = concat([ - { - name: 'IpConfAzureBastionSubnet' - //Use existing public ip, new public ip created in this module, or none if isCreateDefaultPublicIP is false - properties: union(subnet_var, !empty(azureBastionSubnetPublicIpId) ? existingPip : {}, (isCreateDefaultPublicIP ? newPip : {})) - } -], additionalPublicIpConfigurations_var) + { + name: 'IpConfAzureBastionSubnet' + //Use existing public ip, new public ip created in this module, or none if isCreateDefaultPublicIP is false + properties: union(subnet_var, !empty(azureBastionSubnetPublicIpId) ? existingPip : {}, (isCreateDefaultPublicIP ? newPip : {})) + } + ], additionalPublicIpConfigurations_var) // ---------------------------------------------------------------------------- @@ -202,7 +202,7 @@ resource azureBastion_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@ scope: azureBastion } -module azureBastion_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module azureBastion_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-Bastion-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep b/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep index 55550d003f..489a38fc87 100644 --- a/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep +++ b/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep @@ -50,7 +50,7 @@ resource ddosProtectionPlan_lock 'Microsoft.Authorization/locks@2017-04-01' = if scope: ddosProtectionPlan } -module ddosProtectionPlan_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module ddosProtectionPlan_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-DDoSProtectionPlan-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep b/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep index 52d3866895..73f031e75c 100644 --- a/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep +++ b/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep @@ -196,7 +196,7 @@ resource expressRouteCircuits_diagnosticSettings 'Microsoft.Insights/diagnosticS scope: expressRouteCircuits } -module expressRouteCircuits_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module expressRouteCircuits_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-ExpRouteCircuits-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/frontDoors/deploy.bicep b/arm/Microsoft.Network/frontDoors/deploy.bicep index 868746dc0e..a279b88e22 100644 --- a/arm/Microsoft.Network/frontDoors/deploy.bicep +++ b/arm/Microsoft.Network/frontDoors/deploy.bicep @@ -157,7 +157,7 @@ resource frontDoor_diagnosticSettingName 'Microsoft.Insights/diagnosticSettings@ scope: frontDoor } -module frontDoor_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module frontDoor_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-AppGateway-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/ipGroups/deploy.bicep b/arm/Microsoft.Network/ipGroups/deploy.bicep index 5c8742665b..0f014a980f 100644 --- a/arm/Microsoft.Network/ipGroups/deploy.bicep +++ b/arm/Microsoft.Network/ipGroups/deploy.bicep @@ -55,7 +55,7 @@ resource ipGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lo scope: ipGroup } -module ipGroup_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module ipGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-IPGroup-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/loadBalancers/deploy.bicep b/arm/Microsoft.Network/loadBalancers/deploy.bicep index 1ace647746..db0c0aa54f 100644 --- a/arm/Microsoft.Network/loadBalancers/deploy.bicep +++ b/arm/Microsoft.Network/loadBalancers/deploy.bicep @@ -246,7 +246,7 @@ resource loadBalancer_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@ scope: loadBalancer } -module loadBalancer_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module loadBalancer_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-LoadBalancer-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/localNetworkGateways/deploy.bicep b/arm/Microsoft.Network/localNetworkGateways/deploy.bicep index 12d5d30798..085112ac98 100644 --- a/arm/Microsoft.Network/localNetworkGateways/deploy.bicep +++ b/arm/Microsoft.Network/localNetworkGateways/deploy.bicep @@ -81,7 +81,7 @@ resource localNetworkGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = i scope: localNetworkGateway } -module localNetworkGateway_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module localNetworkGateway_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-LocalNetworkGateway-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/natGateways/deploy.bicep b/arm/Microsoft.Network/natGateways/deploy.bicep index a313811a1f..df4e49b9fe 100644 --- a/arm/Microsoft.Network/natGateways/deploy.bicep +++ b/arm/Microsoft.Network/natGateways/deploy.bicep @@ -193,7 +193,7 @@ resource natGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty scope: natGateway } -module natGateway_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module natGateway_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-NatGateway-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/networkInterfaces/deploy.bicep b/arm/Microsoft.Network/networkInterfaces/deploy.bicep index 34fe2c04bf..e7615dfe27 100644 --- a/arm/Microsoft.Network/networkInterfaces/deploy.bicep +++ b/arm/Microsoft.Network/networkInterfaces/deploy.bicep @@ -144,7 +144,7 @@ resource networkInterface_lock 'Microsoft.Authorization/locks@2017-04-01' = if ( scope: networkInterface } -module networkInterface_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module networkInterface_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-NIC-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep b/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep index 3e51280910..38c7baa1a6 100644 --- a/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep +++ b/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep @@ -150,7 +150,7 @@ resource networkSecurityGroup_diagnosticSettings 'Microsoft.Insights/diagnosticS scope: networkSecurityGroup } -module networkSecurityGroup_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module networkSecurityGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-NSG-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/networkWatchers/deploy.bicep b/arm/Microsoft.Network/networkWatchers/deploy.bicep index ae61cc3fd3..91ca4fca57 100644 --- a/arm/Microsoft.Network/networkWatchers/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/deploy.bicep @@ -58,7 +58,7 @@ resource networkWatcher_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!e scope: networkWatcher } -module networkWatcher_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module networkWatcher_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-NW-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/privateDnsZones/A/deploy.bicep b/arm/Microsoft.Network/privateDnsZones/A/deploy.bicep index 49e6309abf..b5318a28cb 100644 --- a/arm/Microsoft.Network/privateDnsZones/A/deploy.bicep +++ b/arm/Microsoft.Network/privateDnsZones/A/deploy.bicep @@ -45,7 +45,7 @@ resource A 'Microsoft.Network/privateDnsZones/A@2020-06-01' = { } } -module A_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module A_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name)}-PDNSA-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep b/arm/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep index 4d31d07420..75471310d9 100644 --- a/arm/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep +++ b/arm/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep @@ -45,7 +45,7 @@ resource AAAA 'Microsoft.Network/privateDnsZones/AAAA@2020-06-01' = { } } -module AAAA_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module AAAA_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name)}-PDNSAAAA-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep b/arm/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep index 230320b6dc..dff254b6c4 100644 --- a/arm/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep +++ b/arm/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep @@ -45,7 +45,7 @@ resource CNAME 'Microsoft.Network/privateDnsZones/CNAME@2020-06-01' = { } } -module CNAME_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module CNAME_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name)}-PDNSCNAME-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/privateDnsZones/MX/deploy.bicep b/arm/Microsoft.Network/privateDnsZones/MX/deploy.bicep index 7bd01356fb..ad6e1c6e12 100644 --- a/arm/Microsoft.Network/privateDnsZones/MX/deploy.bicep +++ b/arm/Microsoft.Network/privateDnsZones/MX/deploy.bicep @@ -45,7 +45,7 @@ resource MX 'Microsoft.Network/privateDnsZones/MX@2020-06-01' = { } } -module MX_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module MX_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name)}-PDNSMX-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/privateDnsZones/PTR/deploy.bicep b/arm/Microsoft.Network/privateDnsZones/PTR/deploy.bicep index 4d83d996ba..123347591a 100644 --- a/arm/Microsoft.Network/privateDnsZones/PTR/deploy.bicep +++ b/arm/Microsoft.Network/privateDnsZones/PTR/deploy.bicep @@ -31,7 +31,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -module PTR_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module PTR_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name)}-PDNSPTR-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/privateDnsZones/SOA/deploy.bicep b/arm/Microsoft.Network/privateDnsZones/SOA/deploy.bicep index 256047114d..440768cd19 100644 --- a/arm/Microsoft.Network/privateDnsZones/SOA/deploy.bicep +++ b/arm/Microsoft.Network/privateDnsZones/SOA/deploy.bicep @@ -45,7 +45,7 @@ resource SOA 'Microsoft.Network/privateDnsZones/SOA@2020-06-01' = { } } -module SOA_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module SOA_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name)}-PDNSSOA-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/privateDnsZones/SRV/deploy.bicep b/arm/Microsoft.Network/privateDnsZones/SRV/deploy.bicep index d15b8b6a32..7f3f62be7e 100644 --- a/arm/Microsoft.Network/privateDnsZones/SRV/deploy.bicep +++ b/arm/Microsoft.Network/privateDnsZones/SRV/deploy.bicep @@ -45,7 +45,7 @@ resource SRV 'Microsoft.Network/privateDnsZones/SRV@2020-06-01' = { } } -module SRV_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module SRV_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name)}-PDNSSRV-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/privateDnsZones/TXT/deploy.bicep b/arm/Microsoft.Network/privateDnsZones/TXT/deploy.bicep index e718bdbcdb..22ee2d2c18 100644 --- a/arm/Microsoft.Network/privateDnsZones/TXT/deploy.bicep +++ b/arm/Microsoft.Network/privateDnsZones/TXT/deploy.bicep @@ -45,7 +45,7 @@ resource TXT 'Microsoft.Network/privateDnsZones/TXT@2020-06-01' = { } } -module TXT_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module TXT_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name)}-PDNSTXT-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/privateDnsZones/deploy.bicep b/arm/Microsoft.Network/privateDnsZones/deploy.bicep index 4215fe8ae3..fe12dc9a65 100644 --- a/arm/Microsoft.Network/privateDnsZones/deploy.bicep +++ b/arm/Microsoft.Network/privateDnsZones/deploy.bicep @@ -194,7 +194,7 @@ resource privateDnsZone_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!e scope: privateDnsZone } -module privateDnsZone_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module privateDnsZone_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-PrivateDnsZone-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/privateEndpoints/deploy.bicep b/arm/Microsoft.Network/privateEndpoints/deploy.bicep index 3ffdeae2d6..06cab55b1f 100644 --- a/arm/Microsoft.Network/privateEndpoints/deploy.bicep +++ b/arm/Microsoft.Network/privateEndpoints/deploy.bicep @@ -93,7 +93,7 @@ resource privateEndpoint_lock 'Microsoft.Authorization/locks@2017-04-01' = if (! scope: privateEndpoint } -module privateEndpoint_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module privateEndpoint_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-PrivateEndpoint-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/publicIPAddresses/deploy.bicep b/arm/Microsoft.Network/publicIPAddresses/deploy.bicep index ed246c9e81..1250d6f966 100644 --- a/arm/Microsoft.Network/publicIPAddresses/deploy.bicep +++ b/arm/Microsoft.Network/publicIPAddresses/deploy.bicep @@ -170,7 +170,7 @@ resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticSettin scope: publicIpAddress } -module publicIpAddress_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module publicIpAddress_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-PIPAddress-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep b/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep index b9a7b6dfc0..7243033c9c 100644 --- a/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep +++ b/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep @@ -61,7 +61,7 @@ resource publicIpPrefix_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!e scope: publicIpPrefix } -module publicIpPrefix_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module publicIpPrefix_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-PIPPrefix-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/routeTables/deploy.bicep b/arm/Microsoft.Network/routeTables/deploy.bicep index feda9c9f10..9f21c8ec56 100644 --- a/arm/Microsoft.Network/routeTables/deploy.bicep +++ b/arm/Microsoft.Network/routeTables/deploy.bicep @@ -58,7 +58,7 @@ resource routeTable_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty scope: routeTable } -module routeTable_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module routeTable_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-RouteTable-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep b/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep index 5edd17fc73..b9b15370e0 100644 --- a/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep +++ b/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep @@ -170,7 +170,7 @@ resource trafficManagerProfile_diagnosticSettings 'Microsoft.Insights/diagnostic scope: trafficManagerProfile } -module trafficManagerProfile_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module trafficManagerProfile_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name)}-TrafficManagerProfile-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep b/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep index cf8b14368a..b51bbf4793 100644 --- a/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep @@ -381,7 +381,7 @@ resource virtualNetworkGateway_diagnosticSettings 'Microsoft.Insights/diagnostic scope: virtualNetworkGateway } -module virtualNetworkGateway_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module virtualNetworkGateway_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-VNetGateway-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/virtualNetworks/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/deploy.bicep index 94524b8b31..8788f56ae6 100644 --- a/arm/Microsoft.Network/virtualNetworks/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworks/deploy.bicep @@ -235,7 +235,7 @@ resource virtualNetwork_diagnosticSettings 'Microsoft.Insights/diagnosticSetting scope: virtualNetwork } -module virtualNetwork_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module virtualNetwork_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-VNet-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep index c894752a1d..481ff70914 100644 --- a/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep @@ -97,7 +97,7 @@ resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-05-01' = { } } -module subnet_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module subnet_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, subnet.id)}-Subnet-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/virtualWans/deploy.bicep b/arm/Microsoft.Network/virtualWans/deploy.bicep index 8543386fe3..55b2d69b2c 100644 --- a/arm/Microsoft.Network/virtualWans/deploy.bicep +++ b/arm/Microsoft.Network/virtualWans/deploy.bicep @@ -70,7 +70,7 @@ resource virtualWan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty scope: virtualWan } -module virtualWan_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module virtualWan_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-VWan-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Network/vpnSites/deploy.bicep b/arm/Microsoft.Network/vpnSites/deploy.bicep index 0c62973913..6bb79563e8 100644 --- a/arm/Microsoft.Network/vpnSites/deploy.bicep +++ b/arm/Microsoft.Network/vpnSites/deploy.bicep @@ -86,7 +86,7 @@ resource vpnSite_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lo scope: vpnSite } -module vpnSite_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module vpnSite_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-VWan-Rbac-${index}' params: { principalIds: roleAssignment.principalIds diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep index ef5d91997d..92f5c27c3c 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep @@ -256,7 +256,7 @@ resource logAnalyticsWorkspace_lock 'Microsoft.Authorization/locks@2017-04-01' = scope: logAnalyticsWorkspace } -module logAnalyticsWorkspace_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module logAnalyticsWorkspace_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-LAW-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep index 2c7c040855..bf14eeb3cb 100644 --- a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep +++ b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep @@ -261,7 +261,7 @@ resource rsv_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-0 scope: rsv } -module rsv_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module rsv_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-RSV-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Resources/resourceGroups/deploy.bicep b/arm/Microsoft.Resources/resourceGroups/deploy.bicep index e5f23ab7e8..503d2fc765 100644 --- a/arm/Microsoft.Resources/resourceGroups/deploy.bicep +++ b/arm/Microsoft.Resources/resourceGroups/deploy.bicep @@ -52,7 +52,7 @@ module resourceGroup_lock '../../Microsoft.Authorization/locks/resourceGroup/dep scope: resourceGroup } -module resourceGroup_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module resourceGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-RG-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.ServiceBus/namespaces/deploy.bicep b/arm/Microsoft.ServiceBus/namespaces/deploy.bicep index d84954cc60..0344fb6c91 100644 --- a/arm/Microsoft.ServiceBus/namespaces/deploy.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/deploy.bicep @@ -329,7 +329,7 @@ module serviceBusNamespace_privateEndpoints '../../Microsoft.Network/privateEndp } }] -module serviceBusNamespace_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module serviceBusNamespace_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep b/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep index a43ed6795c..3a8e541cc4 100644 --- a/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep @@ -140,7 +140,7 @@ resource queue_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock scope: queue } -module queue_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module queue_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.ServiceBus/namespaces/topics/deploy.bicep b/arm/Microsoft.ServiceBus/namespaces/topics/deploy.bicep index e88f0c7830..273d7e8b57 100644 --- a/arm/Microsoft.ServiceBus/namespaces/topics/deploy.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/topics/deploy.bicep @@ -136,7 +136,7 @@ resource topic_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock scope: topic } -module topic_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module topic_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.ServiceFabric/clusters/deploy.bicep b/arm/Microsoft.ServiceFabric/clusters/deploy.bicep index 535894f72c..1b8f93e722 100644 --- a/arm/Microsoft.ServiceFabric/clusters/deploy.bicep +++ b/arm/Microsoft.ServiceFabric/clusters/deploy.bicep @@ -183,26 +183,26 @@ var notifications_var = [for notification in notifications: { }] var upgradeDescription_var = union({ - deltaHealthPolicy: { - applicationDeltaHealthPolicies: contains(upgradeDescription, 'applicationDeltaHealthPolicies') ? upgradeDescription.applicationDeltaHealthPolicies : {} - maxPercentDeltaUnhealthyApplications: contains(upgradeDescription, 'maxPercentDeltaUnhealthyApplications') ? upgradeDescription.maxPercentDeltaUnhealthyApplications : 0 - maxPercentDeltaUnhealthyNodes: contains(upgradeDescription, 'maxPercentDeltaUnhealthyNodes') ? upgradeDescription.maxPercentDeltaUnhealthyNodes : 0 - maxPercentUpgradeDomainDeltaUnhealthyNodes: contains(upgradeDescription, 'maxPercentUpgradeDomainDeltaUnhealthyNodes') ? upgradeDescription.maxPercentUpgradeDomainDeltaUnhealthyNodes : 0 - } - forceRestart: contains(upgradeDescription, 'forceRestart') ? upgradeDescription.forceRestart : false - healthCheckRetryTimeout: contains(upgradeDescription, 'healthCheckRetryTimeout') ? upgradeDescription.healthCheckRetryTimeout : '00:45:00' - healthCheckStableDuration: contains(upgradeDescription, 'healthCheckStableDuration') ? upgradeDescription.healthCheckStableDuration : '00:01:00' - healthCheckWaitDuration: contains(upgradeDescription, 'healthCheckWaitDuration') ? upgradeDescription.healthCheckWaitDuration : '00:00:30' - upgradeDomainTimeout: contains(upgradeDescription, 'upgradeDomainTimeout') ? upgradeDescription.upgradeDomainTimeout : '02:00:00' - upgradeReplicaSetCheckTimeout: contains(upgradeDescription, 'upgradeReplicaSetCheckTimeout') ? upgradeDescription.upgradeReplicaSetCheckTimeout : '1.00:00:00' - upgradeTimeout: contains(upgradeDescription, 'upgradeTimeout') ? upgradeDescription.upgradeTimeout : '02:00:00' -}, contains(upgradeDescription, 'healthPolicy') ? { - healthPolicy: { - applicationHealthPolicies: contains(upgradeDescription.healthPolicy, 'applicationHealthPolicies') ? upgradeDescription.healthPolicy.applicationHealthPolicies : {} - maxPercentUnhealthyApplications: contains(upgradeDescription.healthPolicy, 'maxPercentUnhealthyApplications') ? upgradeDescription.healthPolicy.maxPercentUnhealthyApplications : 0 - maxPercentUnhealthyNodes: contains(upgradeDescription.healthPolicy, 'maxPercentUnhealthyNodes') ? upgradeDescription.healthPolicy.maxPercentUnhealthyNodes : 0 - } -} : {}) + deltaHealthPolicy: { + applicationDeltaHealthPolicies: contains(upgradeDescription, 'applicationDeltaHealthPolicies') ? upgradeDescription.applicationDeltaHealthPolicies : {} + maxPercentDeltaUnhealthyApplications: contains(upgradeDescription, 'maxPercentDeltaUnhealthyApplications') ? upgradeDescription.maxPercentDeltaUnhealthyApplications : 0 + maxPercentDeltaUnhealthyNodes: contains(upgradeDescription, 'maxPercentDeltaUnhealthyNodes') ? upgradeDescription.maxPercentDeltaUnhealthyNodes : 0 + maxPercentUpgradeDomainDeltaUnhealthyNodes: contains(upgradeDescription, 'maxPercentUpgradeDomainDeltaUnhealthyNodes') ? upgradeDescription.maxPercentUpgradeDomainDeltaUnhealthyNodes : 0 + } + forceRestart: contains(upgradeDescription, 'forceRestart') ? upgradeDescription.forceRestart : false + healthCheckRetryTimeout: contains(upgradeDescription, 'healthCheckRetryTimeout') ? upgradeDescription.healthCheckRetryTimeout : '00:45:00' + healthCheckStableDuration: contains(upgradeDescription, 'healthCheckStableDuration') ? upgradeDescription.healthCheckStableDuration : '00:01:00' + healthCheckWaitDuration: contains(upgradeDescription, 'healthCheckWaitDuration') ? upgradeDescription.healthCheckWaitDuration : '00:00:30' + upgradeDomainTimeout: contains(upgradeDescription, 'upgradeDomainTimeout') ? upgradeDescription.upgradeDomainTimeout : '02:00:00' + upgradeReplicaSetCheckTimeout: contains(upgradeDescription, 'upgradeReplicaSetCheckTimeout') ? upgradeDescription.upgradeReplicaSetCheckTimeout : '1.00:00:00' + upgradeTimeout: contains(upgradeDescription, 'upgradeTimeout') ? upgradeDescription.upgradeTimeout : '02:00:00' + }, contains(upgradeDescription, 'healthPolicy') ? { + healthPolicy: { + applicationHealthPolicies: contains(upgradeDescription.healthPolicy, 'applicationHealthPolicies') ? upgradeDescription.healthPolicy.applicationHealthPolicies : {} + maxPercentUnhealthyApplications: contains(upgradeDescription.healthPolicy, 'maxPercentUnhealthyApplications') ? upgradeDescription.healthPolicy.maxPercentUnhealthyApplications : 0 + maxPercentUnhealthyNodes: contains(upgradeDescription.healthPolicy, 'maxPercentUnhealthyNodes') ? upgradeDescription.healthPolicy.maxPercentUnhealthyNodes : 0 + } + } : {}) resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' @@ -290,7 +290,7 @@ resource serviceFabricCluster_lock 'Microsoft.Authorization/locks@2017-04-01' = } // Service Fabric cluster RBAC assignment -module serviceFabricCluster_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module serviceFabricCluster_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-ServiceFabric-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Sql/managedInstances/deploy.bicep b/arm/Microsoft.Sql/managedInstances/deploy.bicep index f8ecf40024..4c4bbd46e3 100644 --- a/arm/Microsoft.Sql/managedInstances/deploy.bicep +++ b/arm/Microsoft.Sql/managedInstances/deploy.bicep @@ -270,7 +270,7 @@ resource managedInstance_diagnosticSettings 'Microsoft.Insights/diagnosticsettin scope: managedInstance } -module managedInstance_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module managedInstance_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-SqlMi-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Sql/servers/deploy.bicep b/arm/Microsoft.Sql/servers/deploy.bicep index a943bf9afd..91e1453530 100644 --- a/arm/Microsoft.Sql/servers/deploy.bicep +++ b/arm/Microsoft.Sql/servers/deploy.bicep @@ -102,7 +102,7 @@ resource server_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(loc scope: server } -module server_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module server_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-Sql-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep index f4f6cb6c58..2f19f5fb2d 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep @@ -70,7 +70,7 @@ module immutabilityPolicy 'immutabilityPolicies/deploy.bicep' = if (!empty(immut } } -module container_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module container_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Storage/storageAccounts/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/deploy.bicep index 8654467136..3197f8c17f 100644 --- a/arm/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/deploy.bicep @@ -268,7 +268,7 @@ resource storageAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!e scope: storageAccount } -module storageAccount_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module storageAccount_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-Storage-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep index c70d661c65..979a601b13 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep @@ -62,7 +62,7 @@ resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2021-0 } } -module fileShare_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module fileShare_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep index b812d142f1..5abea9c492 100644 --- a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep @@ -45,7 +45,7 @@ resource queue 'Microsoft.Storage/storageAccounts/queueServices/queues@2019-06-0 } } -module queue_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module queue_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep b/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep index 72083d0a54..522c590aa2 100644 --- a/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep +++ b/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep @@ -55,7 +55,7 @@ resource privateLinkHub_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!e } // RBAC -module privateLinkHub_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module privateLinkHub_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep b/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep index d871b0c4f9..8dc204a0b5 100644 --- a/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep +++ b/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep @@ -164,7 +164,7 @@ resource imageTemplate_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!em scope: imageTemplate } -module imageTemplate_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module imageTemplate_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-ImageTemplate-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Web/connections/deploy.bicep b/arm/Microsoft.Web/connections/deploy.bicep index 48c60e7d23..cb7ee4b257 100644 --- a/arm/Microsoft.Web/connections/deploy.bicep +++ b/arm/Microsoft.Web/connections/deploy.bicep @@ -82,7 +82,7 @@ resource connection_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty scope: connection } -module connection_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module connection_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-Connection-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Web/hostingEnvironments/deploy.bicep b/arm/Microsoft.Web/hostingEnvironments/deploy.bicep index 98f2da741a..b93e5bd838 100644 --- a/arm/Microsoft.Web/hostingEnvironments/deploy.bicep +++ b/arm/Microsoft.Web/hostingEnvironments/deploy.bicep @@ -170,7 +170,7 @@ resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnostic scope: appServiceEnvironment } -module appServiceEnvironment_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module appServiceEnvironment_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-AppServiceEnv-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Web/serverfarms/deploy.bicep b/arm/Microsoft.Web/serverfarms/deploy.bicep index 278a369a95..ce4e22f60d 100644 --- a/arm/Microsoft.Web/serverfarms/deploy.bicep +++ b/arm/Microsoft.Web/serverfarms/deploy.bicep @@ -158,7 +158,7 @@ resource appServicePlan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!e scope: appServicePlan } -module appServicePlan_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module appServicePlan_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-AppServicePlan-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Web/sites/deploy.bicep b/arm/Microsoft.Web/sites/deploy.bicep index 55db6c425d..fe58ab36e0 100644 --- a/arm/Microsoft.Web/sites/deploy.bicep +++ b/arm/Microsoft.Web/sites/deploy.bicep @@ -244,7 +244,7 @@ resource app_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-0 scope: app } -module app_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module app_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-Site-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/arm/Microsoft.Web/staticSites/deploy.bicep index 382741ee17..6b3a326840 100644 --- a/arm/Microsoft.Web/staticSites/deploy.bicep +++ b/arm/Microsoft.Web/staticSites/deploy.bicep @@ -129,7 +129,7 @@ resource staticSite_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty scope: staticSite } -module staticSite_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module staticSite_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-StaticSite-Rbac-${index}' params: { principalIds: roleAssignment.principalIds diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index bc63baa5f3..4871057553 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -185,7 +185,7 @@ The RBAC deployment has 2 elements. A module that contains the implementation, a @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -module _rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module _roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${deployment().name}-rbac-${index}' params: { principalIds: roleAssignment.principalIds @@ -442,7 +442,7 @@ Within a bicep file, use the following conventions: ``` ## Modules - - Module symbolic names are in camel_Snake_Case, following the schema `_` e.g., `storageAccount_fileServices`, `virtualMachine_nic`, `resourceGroup_rbac`. + - Module symbolic names are in camel_Snake_Case, following the schema `_` e.g., `storageAccount_fileServices`, `virtualMachine_nic`, `resourceGroup_roleAssignments`. - Modules enable you to reuse code from a Bicep file in other Bicep files. As such, they're normally leveraged for deploying child resources (e.g., file services in a storage account), cross referenced resources (e.g., network interface in a virtual machine) or extension resources (e.g., role assignment in a resource group). - When a module requires to deploy a resource whose resource type is outside of the main module's provider namespace, the module of this additional resource is referenced locally. For example, when extending the Key Vault module with Private Endpoints, instead of including in the Key Vault module an ad hoc implementation of a Private Endpoint, the Key Vault directly references the Private Endpoint module (i.e., `module privateEndpoint 'https://github.com/Azure/ResourceModules/blob/main/Microsoft.Network/privateEndpoints/deploy.bicep'`). Major benefits of this implementation are less code duplication, more consistency throughout the module library and allowing the consumer to leverage the full interface provided by the referenced module. > **Note**: Cross-referencing modules from the local repository creates a dependency for the modules applying this technique on the referenced modules being part of the local repository. Reusing the example from above, the Key Vault module has a dependency on the referenced Private Endpoint module, meaning that the repository from which the Key Vault module is deployed also requires the Private Endpoint module to be present. For this reason, we provide a utility to check for any local module references in a given path. This can be useful to determine which module folders you'd need if you don't want to keep the entire library. For further information on how to use the tool, please refer to the tool-specific [documentation](./Getting%20started%20-%20Get%20module%20cross-references). @@ -471,7 +471,7 @@ While exceptions might be needed, the following guidance should be followed as m ``` > **Example**: for the `roleAssignment` deployment in the Key Vault `secrets` template > ``` - > module secret_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { + > module secret_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { > name: '${deployment().name}-Rbac-${index}' > ```